CVE-2006-2220
Published: Feb 8, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| phpbb-multiple-path-disclosure(26306) | vdb-entry | x_refsource_XF |
| 20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors | mailing-list | x_refsource_BUGTRAQ |
| 20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors | mailing-list | x_refsource_FULLDISC |
| 837 | third-party-advisory | x_refsource_SREASON |
| 20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors | mailing-list | x_refsource_BUGTRAQ |