CVE-2005-3415 — Group Phpbb vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 23.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedNov 1

Latest updateMay 1

Description

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb27 versions+26

Patches

Patch: securitytracker.com ↗Patch: www.hardened-php.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vjg-mqpc-fcrj: phpBB 2↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

CMScout 2.05 - 'bit' Local File Inclusion↗2008-07-27

▶