CVE-2005-3420

2005-11-0121:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3420

phpbb

remote code execution

security vulnerability

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

JSON

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an “e” modifier into a preg_replace statement.

CPENameOperatorVersion
phpbb_group:phpbbphpbb group phpbbeq2.0.5
phpbb_group:phpbbphpbb group phpbbeq2.0.7a
phpbb_group:phpbbphpbb group phpbbeq2.0.8
phpbb_group:phpbbphpbb group phpbbeq2.0.11
phpbb_group:phpbbphpbb group phpbbeq2.0.1
phpbb_group:phpbbphpbb group phpbbeq2.0.13
phpbb_group:phpbbphpbb group phpbbeq2.0.16
phpbb_group:phpbbphpbb group phpbbeq2.0.3
phpbb_group:phpbbphpbb group phpbbeq2.0_rc2
phpbb_group:phpbbphpbb group phpbbeq2.0_rc1

CPE	Name	Operator	Version
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.5
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.7a
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.8
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.11
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.1
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.13
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.16
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.3
phpbb_group:phpbb	phpbb group phpbb	eq	2.0_rc2
phpbb_group:phpbb	phpbb group phpbb	eq	2.0_rc1