Description
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
Exploits (1)
nomisec
WRITEUP
by Parcer0 · poc
https://github.com/Parcer0/CVE-2005-0603-phpBB-2.0.12-Full-path-disclosure
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.phpbb.com/phpBB/viewtopic.php?t=267563
URL Repurposed x_refsource_misc
http://neossecurity.net/Advisories/Advisory-06.txt
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14413
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110943646112950&w=2
Scores
EPSS
0.0473
EPSS Percentile
89.4%
Details
Status
published
Products (21)
phpbb_group/phpbb
2.0.0
phpbb_group/phpbb
2.0.1
phpbb_group/phpbb
2.0.2
phpbb_group/phpbb
2.0.3
phpbb_group/phpbb
2.0.4
phpbb_group/phpbb
2.0.5
phpbb_group/phpbb
2.0.6
phpbb_group/phpbb
2.0.6c
phpbb_group/phpbb
2.0.6d
phpbb_group/phpbb
2.0.7
... and 11 more
Published
Feb 28, 2005
Tracked Since
Feb 18, 2026