CVE-2004-2054

Name of the Vulnerable Software and Affected Versions PhpBB versions 2.0.4 through 2.0.9

Description The issue allows remote attackers to perform HTTP Response Splitting attacks, modifying expected HTML content from the server. This can be achieved via the mode parameter to "privmsg.php" or the redirect parameter to "login.php".

Recommendations For versions 2.0.4 through 2.0.9, consider restricting access to the privmsg.php and login.php scripts until a patch is available. As a temporary workaround, avoid using the mode parameter in "privmsg.php" and the redirect parameter in "login.php" to minimize the risk of exploitation.