Vulnerability Details CVE-2005-3415
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=113081113317600&w=2
- http://secunia.com/advisories/17366
- http://secunia.com/advisories/18098
- http://securityreason.com/securityalert/130
- http://securitytracker.com/id?1015121
- http://www.debian.org/security/2005/dsa-925
- http://www.hardened-php.net/advisory_172005.75.html
- http://www.osvdb.org/20386
- http://www.securityfocus.com/bid/15243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22914
- http://marc.info/?l=bugtraq&m=113081113317600&w=2
- http://secunia.com/advisories/17366
- http://secunia.com/advisories/18098
- http://securityreason.com/securityalert/130
- http://securitytracker.com/id?1015121
- http://www.debian.org/security/2005/dsa-925
- http://www.hardened-php.net/advisory_172005.75.html
- http://www.osvdb.org/20386
- http://www.securityfocus.com/bid/15243
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22914
Products affected by CVE-2005-3415
-
cpe:2.3:a:phpbb_group:phpbb:2.0.0
-
cpe:2.3:a:phpbb_group:phpbb:2.0.1
-
cpe:2.3:a:phpbb_group:phpbb:2.0.10
-
cpe:2.3:a:phpbb_group:phpbb:2.0.11
-
cpe:2.3:a:phpbb_group:phpbb:2.0.12
-
cpe:2.3:a:phpbb_group:phpbb:2.0.13
-
cpe:2.3:a:phpbb_group:phpbb:2.0.14
-
cpe:2.3:a:phpbb_group:phpbb:2.0.15
-
cpe:2.3:a:phpbb_group:phpbb:2.0.16
-
cpe:2.3:a:phpbb_group:phpbb:2.0.17
-
cpe:2.3:a:phpbb_group:phpbb:2.0.2
-
cpe:2.3:a:phpbb_group:phpbb:2.0.3
-
cpe:2.3:a:phpbb_group:phpbb:2.0.4
-
cpe:2.3:a:phpbb_group:phpbb:2.0.5
-
cpe:2.3:a:phpbb_group:phpbb:2.0.6
-
cpe:2.3:a:phpbb_group:phpbb:2.0.6c
-
cpe:2.3:a:phpbb_group:phpbb:2.0.6d
-
cpe:2.3:a:phpbb_group:phpbb:2.0.7
-
cpe:2.3:a:phpbb_group:phpbb:2.0.7a
-
cpe:2.3:a:phpbb_group:phpbb:2.0.8
-
cpe:2.3:a:phpbb_group:phpbb:2.0.8a
-
cpe:2.3:a:phpbb_group:phpbb:2.0.9
-
cpe:2.3:a:phpbb_group:phpbb:2.0_beta1
-
cpe:2.3:a:phpbb_group:phpbb:2.0_rc1
-
cpe:2.3:a:phpbb_group:phpbb:2.0_rc2
-
cpe:2.3:a:phpbb_group:phpbb:2.0_rc3
-
cpe:2.3:a:phpbb_group:phpbb:2.0_rc4