CVE-2005-3420

Name of the Vulnerable Software and Affected Versions phpBB version 2.0.17

Description The issue allows remote attackers to modify regular expressions and execute PHP code via the signature bbcode uid parameter in the "usercp register.php" file. This can be achieved by injecting an "e" modifier into a preg replace statement, enabling the execution of arbitrary PHP code.

Recommendations For phpBB version 2.0.17, consider disabling the signature bbcode uid parameter in the "usercp register.php" file as a temporary workaround until a patch is available. Restrict access to the "usercp register.php" file to minimize the risk of exploitation. Avoid using the signature bbcode uid parameter until the issue is resolved.