Vulnerability Name: | CVE-2006-2219 (CCN-26306)
Assigned: | 2006-05-05
Published: | 2006-05-05
Updated: | 2017-07-20
Summary: | phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Obtain Information
References: |
Source: CCN Type: BugTraq Mailing List, Fri May 05 2006 - 12:26:18 CDT phpBB 2.0.20 Full Path Disclosure and SQL Errors
Source: MITRE Type: CNA CVE-2006-2219
Source: MITRE Type: CNA CVE-2006-2220
Source: BUGTRAQ Type: UNKNOWN 20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors
Source: BUGTRAQ Type: UNKNOWN 20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors
Source: FULLDISC Type: UNKNOWN 20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors
Source: SREASON Type: UNKNOWN 837
Source: CCN Type: OSVDB ID: 25567 phpBB htmlspecialchars() Protection Bypass Path Disclosure
Source: CCN Type: OSVDB ID: 25568 phpBB Malformed SQL Query Information Disclosure
Source: CCN Type: OSVDB ID: 35446 phpBB Negative LIMIT Specification SQL Error Path Disclosure
Source: CCN Type: OSVDB ID: 35447 phpBB membership.php mode Variable Type-dependent Function Information Disclosure
Source: CCN Type: OSVDB ID: 35448 phpBB viewtopic.php highlight Variable Type-dependent Function Information Disclosure
Source: CCN Type: phpBB Web site phpBB:: Creating Communities
Source: XF Type: UNKNOWN phpbb-memberlist-viewtopic-path-disclosure(26306)
Source: XF Type: UNKNOWN phpbb-multiple-path-disclosure(26306)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: