CVE-2005-1114 — Path Equivalence: 'filename.' (Trailing Dot) in Group Phpbb

CWE-42 — Path Equivalence: 'filename.' (Trailing Dot)3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 26.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb Smartor Photo Album

Timeline

PublishedMay 2

Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsmartor/photo_album2.0.53

▶NVDphpbb_group/phpbb18 versions+17

🔴Vulnerability Details

GHSA

GHSA-ccm4-5mp7-49gf: Multiple SQL injection vulnerabilities in album_search↗2022-05-01

▶

📐Framework References

CWE

Path Equivalence: 'filename.' (Trailing Dot)↗

▶