7.5

CVE-2005-3420

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpbb GroupPhpbb Version2.0.0
Phpbb GroupPhpbb Version2.0.1
Phpbb GroupPhpbb Version2.0.2
Phpbb GroupPhpbb Version2.0.3
Phpbb GroupPhpbb Version2.0.4
Phpbb GroupPhpbb Version2.0.5
Phpbb GroupPhpbb Version2.0.6
Phpbb GroupPhpbb Version2.0.6c
Phpbb GroupPhpbb Version2.0.6d
Phpbb GroupPhpbb Version2.0.7
Phpbb GroupPhpbb Version2.0.7a
Phpbb GroupPhpbb Version2.0.8
Phpbb GroupPhpbb Version2.0.8a
Phpbb GroupPhpbb Version2.0.9
Phpbb GroupPhpbb Version2.0.10
Phpbb GroupPhpbb Version2.0.11
Phpbb GroupPhpbb Version2.0.12
Phpbb GroupPhpbb Version2.0.13
Phpbb GroupPhpbb Version2.0.14
Phpbb GroupPhpbb Version2.0.15
Phpbb GroupPhpbb Version2.0.16
Phpbb GroupPhpbb Version2.0.17
Phpbb GroupPhpbb Version2.0_beta1
Phpbb GroupPhpbb Version2.0_rc1
Phpbb GroupPhpbb Version2.0_rc2
Phpbb GroupPhpbb Version2.0_rc3
Phpbb GroupPhpbb Version2.0_rc4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.816
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18098
http://www.debian.org/security/2005/dsa-925
http://marc.info/?l=bugtraq&m=113081113317600&w=2
http://secunia.com/advisories/17366
http://securityreason.com/securityalert/130
http://securitytracker.com/id?1015121
Patch
Vendor Advisory
http://www.hardened-php.net/advisory_172005.75.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/15243
Patch
http://www.vupen.com/english/advisories/2005/2250
http://www.osvdb.org/20391
Patch