Path Disclosure Vulnerability in phpBB 2.0.20 by phpBB
CVE-2006-2219

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 8 February 2007

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2006-2219?

The vulnerability in phpBB 2.0.20 arises from improper input validation, leading to opportunities for remote attackers to exploit type-dependent functions. This flaw can allow unauthorized exposure of sensitive information through error messages, particularly involving the 'mode' parameter in memberlist.php and the 'highlight' parameter in viewtopic.php, both of which can inadvertently display the installation path of the application.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26306

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=114695651425026&w=2

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=full-disclosure&m=114685931319903&w=2

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2007
Vulnerability Reserved
May 5, 2006

CVE-2006-2219 Data

JSON