Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-89gf-q94x-r722

Опубликовано: 01 мая 2022
Источник: github
Github: Не прошло ревью

Описание

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

EPSS

Процентиль: 59%
0.00381
Низкий

Дефекты

CWE-20

Связанные уязвимости

ubuntu
больше 18 лет назад

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

nvd
больше 18 лет назад

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

debian
больше 18 лет назад

phpBB 2.0.20 does not properly verify user-specified input variables u ...

EPSS

Процентиль: 59%
0.00381
Низкий

Дефекты

CWE-20