CVE-2005-3415

Published: Nov 1, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.

Affected (27)

Products: Phpbb Group: Phpbb

Phpbb Group

1 product

Phpbb

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Phpbb Group Phpbb	Version 2.0.0
Phpbb Group Phpbb	Version 2.0.10
Phpbb Group Phpbb	Version 2.0.11
Phpbb Group Phpbb	Version 2.0.12
Phpbb Group Phpbb	Version 2.0.13
Phpbb Group Phpbb	Version 2.0.14
Phpbb Group Phpbb	Version 2.0.15
Phpbb Group Phpbb	Version 2.0.16
Phpbb Group Phpbb	Version 2.0.17
Phpbb Group Phpbb	Version 2.0.1
Phpbb Group Phpbb	Version 2.0.2
Phpbb Group Phpbb	Version 2.0.3
Phpbb Group Phpbb	Version 2.0.4
Phpbb Group Phpbb	Version 2.0.5
Phpbb Group Phpbb	Version 2.0.6
Phpbb Group Phpbb	Version 2.0.6c
Phpbb Group Phpbb	Version 2.0.6d
Phpbb Group Phpbb	Version 2.0.7
Phpbb Group Phpbb	Version 2.0.7a
Phpbb Group Phpbb	Version 2.0.8
Phpbb Group Phpbb	Version 2.0.8a
Phpbb Group Phpbb	Version 2.0.9
Phpbb Group Phpbb	Version 2.0_beta1
Phpbb Group Phpbb	Version 2.0_rc1
Phpbb Group Phpbb	Version 2.0_rc2
Phpbb Group Phpbb	Version 2.0_rc3
Phpbb Group Phpbb	Version 2.0_rc4