CVE-2005-4358Group Phpbb vulnerability

2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpbb Group Phpbb
Timeline
PublishedDec 20
Latest updateMay 1

Description

admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDphpbb_group/phpbb2.0.18

🔴Vulnerability Details

1
GHSA
GHSA-wfq8-wvj5-jv7v: admin/admin_disallow2022-05-01