03.19.2004 - phpBB 2.0.7 [Security Fix] Possible SQL Injection
phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.
NOTE: We've been notified of a flaw in search.php. This can, under the right circumstances with certain server versions, be exploited to obtain password hashes. It is highly recommended that all existing users of phpBB 2.0.x make the changes specified below.
We have now updated all archives (for 2.0.7) as made available on the download page here. Therefore all new installations and upgrades will be immune.
We apologize for not having reacted earlier and for the bug in the redirection code introduced while fixing another security bug.
You may wish to redownload and reinstall version 2.0.7.
- Download phpBB 2.0.7
- View Additional Information And Work Around
- View Additional Information
- Visit The phpBB Group