CVE-2005-0603 — Sensitive Information Exposure in Group Phpbb

CWE-200 — Sensitive Information Exposure CWE-209 — Information Exposure via Error Message CWE-185 — Incorrect Regular Expression5 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

4.7%

top 10.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedFeb 28

Latest updateMay 1

Description

viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDphpbb_group/phpbb21 versions+20

Patches

Patch: secunia.com ↗Patch: www.phpbb.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-mqh2-67f9-5wg9: viewtopic↗2022-05-01

▶

📐Framework References

CWE

Exposure of Sensitive Information to an Unauthorized Actor↗

▶

CWE

Generation of Error Message Containing Sensitive Information↗

▶

CWE

Incorrect Regular Expression↗

▶