2.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2023-5917

GHSA ID

GHSA-gmx8-8rff-qv6q

EPSS Score

0.25922%

CWE

CWE-79

Published

11/2/2023

Updated

10/30/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-5917

CVE-2023-5917: phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pack leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.

(GitHub Advisory)

2.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2023-5917

GHSA ID

GHSA-gmx8-8rff-qv6q

EPSS Score

0.25922%

CWE

CWE-79

Published

11/2/2023

Updated

10/30/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
phpbb/phpbb	composer	< 3.3.11	3.3.11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key issues in acp_icons.php's main function: 1) The 'pack' parameter was used in file() without sanitization (via basename()), allowing directory traversal. 2) The '_url' field was populated with raw 'img' values instead of HTML-escaped content. The patch introduced utf8_basename() for path sanitization and utf8_substr(rawurlencode(...)) for output encoding, confirming these were the vulnerable points. Both issues occur within the main function's logic for handling smiley pack imports.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility, w*i** w*s *l*ssi*i** *s pro*l*m*ti*, **s ***n *oun* in p*p** up to *.*.**. T*is issu* *****ts t** *un*tion m*in o* t** *il* `p*p**/in*lu**s/**p/**p_i*ons.p*p` o* t** *ompon*nt Smil*y P**k **n*l*r. T** m*nipul*tion o* t** *r*um*nt p**

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s in **p_i*ons.p*p's m*in *un*tion: *) T** 'p**k' p*r*m*t*r w*s us** in *il*() wit*out s*nitiz*tion (vi* **s*n*m*()), *llowin* *ir**tory tr*v*rs*l. *) T** '_url' *i*l* w*s popul*t** wit* r*w 'im*' v*lu*s inst

2.4

Basic Information

Concerned about an active attack path?

CVE-2023-5917: phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting

2.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI