phpBB memberlist.php and viewtopic.php path disclosure

phpbb-memberlist-viewtopic-path-disclosure (26306) The risk level is classified as LowLow Risk


phpBB could allow a remote attacker to obtain sensitive information. A remote attacker could send specially-crafted SQL requests to the memberlist.php or viewtopic.php script using the 'mode' or 'highlight' variables to cause phpBB to display the installation path and other sensitive information.


Obtain Information


No remedy available as of September 1, 2014.


  • BugTraq Mailing List, Fri May 05 2006 - 12:26:18 CDT: phpBB 2.0.20 Full Path Disclosure and SQL Errors.
  • phpBB Web site: phpBB:: Creating Communities.
  • CVE-2006-2219: phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
  • CVE-2006-2220: phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
  • OSVDB ID: 25567: phpBB htmlspecialchars() Protection Bypass Path Disclosure
  • OSVDB ID: 25568: phpBB Malformed SQL Query Information Disclosure
  • OSVDB ID: 35446: phpBB Negative LIMIT Specification SQL Error Path Disclosure
  • OSVDB ID: 35447: phpBB membership.php mode Variable Type-dependent Function Information Disclosure
  • OSVDB ID: 35448: phpBB viewtopic.php highlight Variable Type-dependent Function Information Disclosure

Platforms Affected:

  • phpBB phpBB 2.0.20


May 05, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page