Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-4358

admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 18125
OSVDB: 21804
SECUNIA: 18252
SREASONRES: 20051217 phpBB 2.0.18 ...
SREASON: 269
VUPEN: ADV-2005-2991
VUPEN: ADV-2006-0010
FULLDISC: 20051217 phpBB 2.0.18 ...
CONFIRM: http://www.phpbb.com/p...
BUGTRAQ: 20051230 phpbb2.0.19 f...

Launchpad.net

CVE 2005-4358

Related bugs

References