Remote Code Execution in phpBB 2.0.17 and earlier due to Disabled register_long_arrays Directive

Remote Code Execution in phpBB 2.0.17 and earlier due to Disabled register_long_arrays Directive

CVE-2005-3417 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.

Learn more about our Web Application Penetration Testing UK.