Lucene search

[email protected]CVE-2006-2219

HistoryFeb 08, 2007 - 5:28 p.m.

CVE-2006-2219

2007-02-0817:28:00

CWE-20

[email protected]

web.nvd.nist.gov

phpbb

input validation

remote attackers

sensitive information

cve-2006-2219

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.

CPENameOperatorVersion
phpbb_group:phpbbphpbb group phpbbeq2.0.20

CPE	Name	Operator	Version
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.20

References

marc.info/?l=bugtraq&m=114695651425026&w=2

marc.info/?l=bugtraq&m=114731067321710&w=2

marc.info/?l=full-disclosure&m=114685931319903&w=2

securityreason.com/securityalert/837

exchange.xforce.ibmcloud.com/vulnerabilities/26306

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2006-2219

prion1 ubuntucve1 securityvulns2