7.5

CVE-2005-3415

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpbb GroupPhpbb Version2.0.0
Phpbb GroupPhpbb Version2.0.1
Phpbb GroupPhpbb Version2.0.2
Phpbb GroupPhpbb Version2.0.3
Phpbb GroupPhpbb Version2.0.4
Phpbb GroupPhpbb Version2.0.5
Phpbb GroupPhpbb Version2.0.6
Phpbb GroupPhpbb Version2.0.6c
Phpbb GroupPhpbb Version2.0.6d
Phpbb GroupPhpbb Version2.0.7
Phpbb GroupPhpbb Version2.0.7a
Phpbb GroupPhpbb Version2.0.8
Phpbb GroupPhpbb Version2.0.8a
Phpbb GroupPhpbb Version2.0.9
Phpbb GroupPhpbb Version2.0.10
Phpbb GroupPhpbb Version2.0.11
Phpbb GroupPhpbb Version2.0.12
Phpbb GroupPhpbb Version2.0.13
Phpbb GroupPhpbb Version2.0.14
Phpbb GroupPhpbb Version2.0.15
Phpbb GroupPhpbb Version2.0.16
Phpbb GroupPhpbb Version2.0.17
Phpbb GroupPhpbb Version2.0_beta1
Phpbb GroupPhpbb Version2.0_rc1
Phpbb GroupPhpbb Version2.0_rc2
Phpbb GroupPhpbb Version2.0_rc3
Phpbb GroupPhpbb Version2.0_rc4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.816
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18098
http://www.debian.org/security/2005/dsa-925
http://marc.info/?l=bugtraq&m=113081113317600&w=2
http://secunia.com/advisories/17366
http://securityreason.com/securityalert/130
http://securitytracker.com/id?1015121
Patch
Vendor Advisory
http://www.hardened-php.net/advisory_172005.75.html
Patch
Vendor Advisory
http://www.osvdb.org/20386
http://www.securityfocus.com/bid/15243
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/22914