CVE-2005-3416

Name of the Vulnerable Software and Affected Versions phpBB versions 2.0.17 and earlier

Description The issue allows remote attackers to bypass security checks. This is possible when register globals is enabled and the session start function has not been called to handle a session. Attackers can set the $ SESSION and $HTTP SESSION VARS variables to strings instead of arrays, causing an array merge function call to fail.

Recommendations For phpBB versions 2.0.17 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, ensure that the session start function is properly called to handle sessions. As a temporary workaround, consider validating the $ SESSION and $HTTP SESSION VARS variables to ensure they are arrays before proceeding with the array merge function call.