PT-2005-4216 · Phpbb · Phpbb

Stefan Esser · Published 2005-11-01 · Updated 2016-10-18 · CVE-2005-3420

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

phpBB version 2.0.17

Description

The issue allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter in the "usercp_register.php" file. This can be achieved by injecting an "e" modifier into a preg_replace statement, enabling the execution of arbitrary PHP code.

Recommendations

For phpBB version 2.0.17, consider disabling the signature_bbcode_uid parameter in the "usercp_register.php" file as a temporary workaround until a patch is available. Restrict access to the "usercp_register.php" file to minimize the risk of exploitation. Avoid using the signature_bbcode_uid parameter until the issue is resolved.
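
The class of bug described above arises when a request-supplied value is concatenated into a regular-expression pattern. The following is an added example, not phpBB code and not the project's patch: it validates the bbcode uid against a strict allowlist and quotes it before it reaches the pattern. The function names, the uid format (1 to 16 alphanumeric characters) and the sample tag layout are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not taken from phpBB.

// Assumption: a legitimate uid is a short, server-generated alphanumeric token.
// \A and \z anchor the whole string; unlike "$", \z does not accept a trailing newline.
function is_safe_bbcode_uid(string $uid): bool
{
    return preg_match('/\A[0-9A-Za-z]{1,16}\z/', $uid) === 1;
}

// Removes ":<uid>" from bbcode tags, treating the uid strictly as literal text.
function strip_bbcode_uid(string $text, string $uid): string
{
    if (!is_safe_bbcode_uid($uid)) {
        // Refuse instead of trying to sanitise: the value never reaches the pattern.
        throw new InvalidArgumentException('rejected bbcode uid');
    }
    // Defence in depth: preg_quote() escapes regex metacharacters and the "/"
    // delimiter, so the value cannot close the pattern or append modifiers.
    $pattern = '/:' . preg_quote($uid, '/') . '(?=\])/';
    // preg_replace() returns null on a PCRE error; fall back to the input.
    return preg_replace($pattern, '', $text) ?? $text;
}

// Constructed sample values, not taken from any real request.
$text = '[b:1a2b3c4d5e]hello[/b:1a2b3c4d5e]';
foreach (['1a2b3c4d5e', '1a2b/', "1a2b\n", ''] as $uid) {
    try {
        echo strip_bbcode_uid($text, $uid), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($uid), "\n";
    }
}
```

Only the first sample value passes the allowlist; the value containing the pattern delimiter, the value with a trailing newline and the empty value are rejected before any pattern is built.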

Related Identifiers

CVE-2005-3420
DSA-925-1

Affected Products

Phpbb