Skip to main content

CVE-2005-3420

Severity High
Score 7.5/10

Summary

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

References

Advisory Timeline

  • Published