Back to search
CVE-2006-2219
Published: Feb 8, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
phpbb-multiple-path-disclosure(26306)
vdb-entry
x_refsource_XF
20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors
mailing-list
x_refsource_BUGTRAQ
20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors
mailing-list
x_refsource_FULLDISC
837
third-party-advisory
x_refsource_SREASON
20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now