CVE-2004-0729 — Group Phpbb vulnerability

2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedJul 27

Latest updateApr 29

Description

PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDphpbb_group/phpbb2.0.8, 2.0.8a+1

🔴Vulnerability Details

GHSA

GHSA-cf4p-4gq4-6v2f: PhpBB 2↗2022-04-29

▶