Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-2220
Last Modified: 01 Jul 2010 12:00:00
Published: 08 Feb 2007 12:28:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2220

Summary

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

Vulnerable Systems

Application

  • phpBB 2.0.20


References

XF - phpbb-multiple-path-disclosure(26306)

SREASON - 837

FULLDISC - 20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors

BUGTRAQ - 20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors


Last Updated: 27 May 2016 10:42:22