CVE-2006-2219
phpBB 2.0.20 - Information Disclosure via Improper Input Validation
Title source: llmDescription
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26306
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=114695651425026&w=2
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=114685931319903&w=2
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/837
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=114731067321710&w=2
Scores
EPSS
0.0146
EPSS Percentile
70.6%
Details
CWE
CWE-20
Status
published
Products (1)
phpbb_group/phpbb
2.0.20
Published
Feb 08, 2007
Tracked Since
Feb 18, 2026