CVE-2006-2219

phpBB 2.0.20 - Information Disclosure via Improper Input Validation

Title source: llm
STIX 2.1

Description

phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26306
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=114695651425026&w=2
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=114685931319903&w=2
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/837
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=114731067321710&w=2

Scores

EPSS 0.0146
EPSS Percentile 70.6%

Details

CWE
CWE-20
Status published
Products (1)
phpbb_group/phpbb 2.0.20
Published Feb 08, 2007
Tracked Since Feb 18, 2026