Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpBB Blog blog.php SQL语法漏洞
Vulnerability Description
phpBB Blog 2.2.2及更早版本的blog.php中存在无效的SQL语法错误,远程攻击者可以通过无效的index.php permalink参数,产生在SQL语法错误信息中可泄露完整路径名称的无效SQL查询,从而获得应用程序的完整路径。
CVSS Information
N/A
Vulnerability Type
N/A