Vulnerability CVE-2005-3799

Vulnerability CVE-2005-3799

Published: 2005-11-24 Modified: 2012-02-12

Description:

phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	phpBB 2.0.18 SQL Query problem	Maksymilian Arci...	30.09.2005
Low	phpBB 2.0.18 sql query problem PoC	Maksymilian Arci...	30.09.2005

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Phpbb group -> Phpbb

References:

http://securityreason.com/achievement_exploitalert/4

http://marc.theaimsgroup.com/?l=bugtraq&m=113210133012767&w=2

http://marc.theaimsgroup.com/?l=bugtraq&m=113200740718682&w=2

Copyright 2024, cxsecurity.com