5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
69.3%
The search function in phpBB 2.x provides a search_id value that leaks the
state of PHP’s PRNG, which allows remote attackers to obtain potentially
sensitive information, as demonstrated by a cross-application attack
against WordPress, a different vulnerability than CVE-2006-0632.