Executive Summary

Informations
Name CVE-2005-3420 First vendor Publication 2005-11-01
Vendor Cve Last vendor Modification 2016-10-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3420

CWE : Common Weakness Enumeration

% Id Name

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 27

OpenVAS Exploits

Date Description
2008-09-04 Name : FreeBSD Ports: phpbb, zh-phpbb-tw
File : nvt/freebsd_phpbb9.nasl
2008-01-17 Name : Debian Security Advisory DSA 925-1 (phpbb2)
File : nvt/deb_925_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
20391 phpBB usercp_register.php signature_bbcode_uid Variable Arbitrary PHP Code Ex...

phpbb contains a flaw that allows remote code execution. This flaw exists because the application does not validate the 'signature_bbcode_uid' variable upon submission to the 'usercp_register.php' script. This could allow a user to execute remote code, leading to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-925.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_28c9243a72ed11da8c1d000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2005-11-02 Name : The remote web server contains a PHP application that is affected by multiple...
File : phpbb_2_0_17.nasl - Type : ACT_ATTACK

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/15243
BUGTRAQ http://marc.info/?l=bugtraq&m=113081113317600&w=2
DEBIAN http://www.debian.org/security/2005/dsa-925
MISC http://www.hardened-php.net/advisory_172005.75.html
OSVDB http://www.osvdb.org/20391
SECTRACK http://securitytracker.com/id?1015121
SECUNIA http://secunia.com/advisories/17366
http://secunia.com/advisories/18098
SREASON http://securityreason.com/securityalert/130
VUPEN http://www.vupen.com/english/advisories/2005/2250

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2021-05-04 12:03:16
  • Multiple Updates
2021-04-22 01:03:34
  • Multiple Updates
2020-05-23 00:16:55
  • Multiple Updates
2016-10-18 12:01:49
  • Multiple Updates
2016-06-28 15:23:23
  • Multiple Updates
2016-04-26 13:54:33
  • Multiple Updates
2014-02-17 10:33:22
  • Multiple Updates
2013-05-11 11:33:42
  • Multiple Updates