WEB APPLICATION VULNERABILITIES Standard & Premium

phpBB Improper Input Validation Vulnerability (CVE-2006-2220)

Description

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

Remediation

References

Related Vulnerabilities

Oracle JRE CVE-2019-2981 Vulnerability (CVE-2019-2981)

WordPress Plugin Login With Ajax Cross-Site Request Forgery (3.0.4.1)

MySQL CVE-2013-1570 Vulnerability (CVE-2013-1570)

Ruby Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2017-17742)

PHP Other Vulnerability (CVE-2006-1608)

Severity

Medium

Classification

CVE-2006-2220 CWE-20

Tags

Missing Update Known Vulnerabilities