PT-2005-4211 · Phpbb · Phpbb
Stefan Esser · Published 2005-11-01 · Updated 2017-07-11 · CVE-2005-3415
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
phpBB versions 2.0.17 and earlier
Description
The issue allows remote attackers to bypass protection mechanisms by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name. This causes phpBB to unset the GLOBALS[] variable but not the GPC variable, potentially leading to exploitation.
Recommendations
For phpBB versions 2.0.17 and earlier, consider updating to a newer version to mitigate the risk, as the exact fix version is not specified. As a temporary workaround, restrict the setting of GLOBALS[] variables to minimize the risk of exploitation. Avoid using the same name for both GPC and GLOBALS[] variables in the affected code until the issue is resolved.
Affected Products
Phpbb