7.5

CVE-2005-3417

phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpbb GroupPhpbb Version2.0.0
Phpbb GroupPhpbb Version2.0.1
Phpbb GroupPhpbb Version2.0.2
Phpbb GroupPhpbb Version2.0.3
Phpbb GroupPhpbb Version2.0.4
Phpbb GroupPhpbb Version2.0.5
Phpbb GroupPhpbb Version2.0.6
Phpbb GroupPhpbb Version2.0.6c
Phpbb GroupPhpbb Version2.0.6d
Phpbb GroupPhpbb Version2.0.7
Phpbb GroupPhpbb Version2.0.7a
Phpbb GroupPhpbb Version2.0.8
Phpbb GroupPhpbb Version2.0.8a
Phpbb GroupPhpbb Version2.0.9
Phpbb GroupPhpbb Version2.0.10
Phpbb GroupPhpbb Version2.0.11
Phpbb GroupPhpbb Version2.0.12
Phpbb GroupPhpbb Version2.0.13
Phpbb GroupPhpbb Version2.0.14
Phpbb GroupPhpbb Version2.0.15
Phpbb GroupPhpbb Version2.0.16
Phpbb GroupPhpbb Version2.0.17
Phpbb GroupPhpbb Version2.0_beta1
Phpbb GroupPhpbb Version2.0_rc1
Phpbb GroupPhpbb Version2.0_rc2
Phpbb GroupPhpbb Version2.0_rc3
Phpbb GroupPhpbb Version2.0_rc4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18098
http://www.debian.org/security/2005/dsa-925
http://marc.info/?l=bugtraq&m=113081113317600&w=2
http://secunia.com/advisories/17366
http://securityreason.com/securityalert/130
http://securitytracker.com/id?1015121
Patch
Vendor Advisory
http://www.hardened-php.net/advisory_172005.75.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/15243
Patch
http://www.osvdb.org/20414