Vulnerability Details CVE-2006-2220
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=114695651425026&w=2
- http://marc.info/?l=bugtraq&m=114731067321710&w=2
- http://marc.info/?l=full-disclosure&m=114685931319903&w=2
- http://securityreason.com/securityalert/837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26306
- http://marc.info/?l=bugtraq&m=114695651425026&w=2
- http://marc.info/?l=bugtraq&m=114731067321710&w=2
- http://marc.info/?l=full-disclosure&m=114685931319903&w=2
- http://securityreason.com/securityalert/837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26306