5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.0%
phpBB 2.0.20 does not verify user-specified input variable types before
being passed to type-dependent functions, which allows remote attackers to
obtain sensitive information, as demonstrated by the (1) mode parameter to
memberlist.php and the (2) highlight parameter to viewtopic.php that are
used as an argument to the htmlspecialchars or urlencode functions, which
displays the installation path in the resulting error message.