CVE-2005-0614

phpBB 2.0.12 - Privilege Escalation

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-0614. PoCs published by str0ke, Kutas, Ali7.

Description

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.

Exploits (3)

exploitdb WORKING POC VERIFIED
by str0ke · c++ · webapps · php
https://www.exploit-db.com/exploits/897

This exploit modifies the Firefox cookies.txt file to inject a serialized PHP object that bypasses authentication in phpBB, granting anonymous users administrator privileges. It replaces a specific cookie value with a crafted payload.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: phpBB (version not specified, likely older versions)
No auth needed
Prerequisites: Firefox browser with cookies.txt in the profile directory · Access to the target phpBB site
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Kutas · perl · webapps · php
https://www.exploit-db.com/exploits/889

This exploit leverages a session autologin vulnerability in phpBB <=2.0.12 to escalate a registered user's privileges to administrator by manipulating the 'autologinid' cookie. It automates the process of fetching a user ID and promoting the user to admin status.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: phpBB <=2.0.12
Auth required
Prerequisites: Registered user account on the target forum · Access to the forum's admin interface path
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Ali7 · text · webapps · php
https://www.exploit-db.com/exploits/871

This exploit demonstrates an authentication bypass in phpBB 2.0.12 by manipulating session data stored in Firefox cookies. The attacker modifies the serialized cookie data to elevate privileges to an admin user (userid 2).

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: phpBB 2.0.12
No auth needed
Prerequisites: Access to the victim's cookies.txt file · Firefox browser with cookies enabled
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110970201920206&w=2
Vendor Advisory x_refsource_confirm
http://www.phpbb.com/phpBB/viewtopic.php?t=267563
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110999268130739&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14413

Scores

EPSS 0.0508
EPSS Percentile 90.1%

Details

Status published
Products (29)
phpbb_group/phpbb 1.0.0
phpbb_group/phpbb 1.2.0
phpbb_group/phpbb 1.2.1
phpbb_group/phpbb 1.4.0
phpbb_group/phpbb 1.4.1
phpbb_group/phpbb 1.4.2
phpbb_group/phpbb 1.4.4
phpbb_group/phpbb 2.0.0
phpbb_group/phpbb 2.0.1
phpbb_group/phpbb 2.0.2
... and 19 more
Published May 02, 2005
Tracked Since Feb 18, 2026