CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 85.9%
phpBB 2.0.17 and earlier, when register_globals is enabled and the
session_start function has not been called to handle a session, allows
remote attackers to bypass security checks by setting the $_SESSION and
$HTTP_SESSION_VARS variables to strings instead of arrays, which causes an
array_merge function call to fail.