// For flags

CVE-2006-2219

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.

phpBB 2.0.20 no verifica tipos de variables de entrada especificadas por el usuario antes de ser pasadas a funciones dependientes del tipo, lo cual permite a atacantes remotos obtener información sensible, como ha sido demostrado por (1) el parámetro mode a memberlist.php y el (2) parámetro highlight a viewtopic.php que son usados como argumento en las funciones htmlspecialchars o urlencode, lo cual muestra la ruta de instalación en el mensaje de error resultante.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-05-05 CVE Reserved
  • 2006-05-06 CVE Published
  • 2023-12-13 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phpbb Group
Search vendor "Phpbb Group"
 Phpbb
Search vendor "Phpbb Group" for product "Phpbb"
 2.0.20
Search vendor "Phpbb Group" for product "Phpbb" and version "2.0.20"
-
Affected