Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpBBSQL注入漏洞
Vulnerability Description
phpBB是一种用PHP语言实现的基于Web的开放源码论坛程序,使用较为广泛。它支持多种数据库作为后端,如Oracle、MSSQL、MySql、PostGres等等。 Sql注入漏洞,phpBB将所有输入(INT)都加到了SQL查询的末尾(LIMIT)。如果值小于0或大于-2^32的话查询就会失败。
CVSS Information
N/A
Vulnerability Type
N/A