Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4346


Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4346
Last Modified 20 Sep 2008 12:42:43
Published 18 Dec 2005 10:47:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error.

Vulnerable Systems


  • Anthony Boyd Phpbb Blog 2.2.2


XF - phpbbblog-permalink-sql-injection(23495)


OSVDB - 21565


Last Updated: 27 May 2016 10:41:16