CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-2219
https://notcve.org/view.php?id=CVE-2006-2219
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. phpBB 2.0.20 no verifica tipos de variables de entrada especificadas por el usuario antes de ser pasadas a funciones dependientes del tipo, lo cual permite a atacantes remotos obtener información sensible, como ha sido demostrado por (1) el parámetro mode a memberlist.php y el (2) parámetro highlight a viewtopic.php que son usados como argumento en las funciones htmlspecialchars o urlencode, lo cual muestra la ruta de instalación en el mensaje de error resultante. • http://marc.info/?l=bugtraq&m=114695651425026&w=2 http://marc.info/?l=bugtraq&m=114731067321710&w=2 http://marc.info/?l=full-disclosure&m=114685931319903&w=2 http://securityreason.com/securityalert/837 https://exchange.xforce.ibmcloud.com/vulnerabilities/26306 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2CVE-2006-2151 – TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2151
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1722 https://www.exploit-db.com/exploits/1724 http://secunia.com/advisories/19884 http://www.osvdb.org/25260 http://www.vupen.com/english/advisories/2006/1601 https://exchange.xforce.ibmcloud.com/vulnerabilities/26172 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2150
https://notcve.org/view.php?id=CVE-2006-2150
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. • http://www.osvdb.org/25294 http://www.securityfocus.com/archive/1/432453/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26172 •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2CVE-2006-2152 – Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion
https://notcve.org/view.php?id=CVE-2006-2152
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1723 http://secunia.com/advisories/19905 http://www.securityfocus.com/bid/17745 http://www.vupen.com/english/advisories/2006/1600 https://exchange.xforce.ibmcloud.com/vulnerabilities/26217 https://www.exploit-db.com/exploits/1725 •
CVSS: 5.1EPSS: 6%CPEs: 16EXPL: 2CVE-2006-2134 – Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2134
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 http://secunia.com/advisories/19892 http://www.securityfocus.com/bid/17763 http://www.vupen.com/english/advisories/2006/1585 https://exchange.xforce.ibmcloud.com/vulnerabilities/26279 •