cbcvebase.
CVE-2006-2219
published 2007-02-08

CVE-2006-2219: phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain…

PriorityP412medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
1.46%
70.4th percentile
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.

Affected

1 ranges
VendorProductVersion rangeFixed in
phpbb_groupphpbb
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.