phpBB Arbitrary File Disclosure Vulnerability Date: Wednesday, February 23 @ 14:23:38 CET Topic: Security Security Alert: phpBB Group phpBB Arbitrary File Disclosure Vulnerability! The remote exploitation of an input validation vulnerability in the phpBB Group's phpBB2 bulletin board system allows attackers to read the contents of arbitrary system files under the privileges of the web server. Exploitation of this vulnerability allows remote attackers to view arbitrary system files under the privileges of the underlying web server. An attacker must have, or be able to create an account on the target system. Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible to the attacker. More information: idefense phpbb.com mitre.org This article comes from NukeCops http://www.nukecops.com The URL for this story is: http://www.nukecops.com/modules.php?name=News&file=article&sid=3633