Remote Information Disclosure in phpBB Auction by Key Vendor
CVE-2005-1235

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb-auction
Vendor: CVE Published:; 2 May 2005

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2005-1235?

The phpbb-Auction product contains a vulnerability in the auction_my_auctions.php script that permits remote attackers to access sensitive information. This exploit occurs due to an invalid mode parameter, which triggers a PHP error message revealing the full path of the file. Such information can be utilized by malicious users to launch further attacks on the affected system.

References

http://secunia.com/advisories/15029

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1013779

vdb-entryx_refsource_SECTRACK

http://www.osvdb.org/15706

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 24, 2005

CVE-2005-1235 Data

JSON