PT-2005-1899 · Phpbb+1 · Phpbb+1

Alberto Trivero

Published

2005-03-26

Updated

2017-07-11

CVE-2005-0871

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions phpBB Topic Calendar module version 1.0.1

Description The issue allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message when running on a Microsoft IIS server.

Recommendations For version 1.0.1, consider restricting access to the calendar scheduler.php file until a patch is available. Avoid using invalid parameters in the affected API endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0871

Affected Products

Iis

Phpbb

PT-2005-1899 · Phpbb+1 · Phpbb+1

CVE-2005-0871

Related Identifiers

Affected Products

References · 6