CVE-2006-2220

CVE-2006-2220 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.