Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPBB安全检查绕过漏洞
Vulnerability Description
phpBB 2是一个论坛软件,使用PHP语言开发的并开放其原始码。 phpBB 2.0.17及更早版本,在启用了register_globals而未调用session_start函数来处理会话时,可让远程攻击者通过将$_SESSION和$HTTP_SESSION_VARS变量设置为字符串而非数组来绕过安全性检查,这会导致array_merge函数调用失败。
CVSS Information
N/A
Vulnerability Type
N/A