Executive Summary

Informations
NameCVE-2005-3420First vendor Publication2005-11-01
VendorCveLast vendor Modification2016-10-17

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3420

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

TypeDescriptionCount
Application27

OpenVAS Exploits

DateDescription
2008-09-04Name : FreeBSD Ports: phpbb, zh-phpbb-tw
File : nvt/freebsd_phpbb9.nasl
2008-01-17Name : Debian Security Advisory DSA 925-1 (phpbb2)
File : nvt/deb_925_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
20391phpBB usercp_register.php signature_bbcode_uid Variable Arbitrary PHP Code Ex...

Nessus® Vulnerability Scanner

DateDescription
2006-10-14Name : The remote Debian host is missing a security-related update.
File : debian_DSA-925.nasl - Type : ACT_GATHER_INFO
2006-05-13Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_28c9243a72ed11da8c1d000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2005-11-02Name : The remote web server contains a PHP application that is affected by multiple...
File : phpbb_2_0_17.nasl - Type : ACT_ATTACK

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/15243
BUGTRAQ http://marc.info/?l=bugtraq&m=113081113317600&w=2
DEBIAN http://www.debian.org/security/2005/dsa-925
MISC http://www.hardened-php.net/advisory_172005.75.html
SECTRACK http://securitytracker.com/id?1015121
SREASON http://securityreason.com/securityalert/130
VUPEN http://www.vupen.com/english/advisories/2005/2250

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2016-10-18 12:01:49
  • Multiple Updates
2016-06-28 15:23:23
  • Multiple Updates
2016-04-26 13:54:33
  • Multiple Updates
2014-02-17 10:33:22
  • Multiple Updates
2013-05-11 11:33:42
  • Multiple Updates