PT-2007-1159 · Phpbb · Phpbb

Cxib8O3 +1 · Published 2007-02-08 · Updated 2017-07-20 · CVE-2006-2219

CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: phpBB version 2.0.20
Description: phpBB does not verify the types of user-specified input variables before passing them to type-dependent functions, which allows remote attackers to obtain sensitive information. This is demonstrated by the mode parameter to "memberlist.php" and the highlight parameter to "viewtopic.php", which are used as arguments to functions such as htmlspecialchars or urlencode; the resulting error message displays the installation path.
Recommendations: For phpBB version 2.0.20, consider updating to a newer version that addresses this issue, as the current version does not properly validate user input, leading to potential information disclosure. As a temporary workaround, consider restricting access to the "memberlist.php" and "viewtopic.php" scripts until a patch is available. Avoid using the mode and highlight parameters in these scripts until the issue is resolved.
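
Detection example (added here, not part of the original advisory and not phpBB code): a log scan that flags requests in which the mode parameter of memberlist.php or the highlight parameter of viewtopic.php arrives with bracketed array syntax, which PHP parses into an array rather than a string. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter that the advisory names as reaching a type-dependent function.
WATCHED = {"memberlist.php": "mode", "viewtopic.php": "highlight"}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def non_scalar_params(target):
    """Return watched parameters that PHP would parse as an array for this request target."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script)
    if watched is None:
        return []
    hits = []
    # parse_qsl percent-decodes keys, so an encoded bracket (%5B) is caught too.
    for key, _value in parse_qsl(parts.query, keep_blank_values=True):
        name, bracket, _rest = key.partition("[")
        if bracket and name == watched:
            hits.append(key)
    return hits


def scan(lines):
    """Yield (line_number, script_path, offending_keys) for each suspicious log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        keys = non_scalar_params(match.group(1))
        if keys:
            yield number, urlsplit(match.group(1)).path, keys


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Feb/2007:10:00:01 +0000] "GET /forum/memberlist.php?mode=joined HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/Feb/2007:10:00:07 +0000] "GET /forum/memberlist.php?mode[]=x HTTP/1.1" 200 312',
    '192.0.2.44 - - [08/Feb/2007:10:00:09 +0000] "GET /forum/viewtopic.php?t=5&highlight%5B%5D=x HTTP/1.1" 200 298',
    '192.0.2.10 - - [08/Feb/2007:10:00:15 +0000] "GET /forum/viewtopic.php?t=5&highlight=install HTTP/1.1" 200 9001',
    '192.0.2.10 - - [08/Feb/2007:10:00:20 +0000] "GET /forum/search.php?mode[]=x HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for number, path, keys in scan(SAMPLE_LOG):
        print(f"line {number}: {path} non-scalar parameter(s): {', '.join(keys)}")
```

Hits on these two scripts are worth correlating with small response sizes or PHP warnings in the error log, since the disclosure described above appears in the error message itself.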

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2006-2219

Affected Products

Phpbb