Description
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
Remediation
References
Related Vulnerabilities
MyBB Improper Access Control Vulnerability (CVE-2016-9415)
WordPress Plugin CM Table Of Contents Cross-Site Scripting (1.0.7)
WebLogic Observable Discrepancy Vulnerability (CVE-2019-3740)
Serendipity URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-5474)
WordPress Plugin Good LMS-Learning Management System SQL Injection (2.1.4)