phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The issue is triggered when the 'register_long_array' option is turned off making PHP not able to verify user-supplied input to the HTTP_* variables. It is possible that the flaw may result in cross site scripting and SQL injection attacks due to the lack of the register_globals function being honored.

Upgrade to version 2.0.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015121
• Bugtraq ID: 15243
• Secunia Advisory ID: 17366 18098
• CVE ID: 2005-3417 (see also: NVD)
• Related OSVDB ID: 20386 20387 20388 20389 20390 20391 20413
• ISS X-Force ID: 22914
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0637.html
• Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-925
• Other Advisory URL: http://www.hardened-php.net/advisory_172005.75.html
• Vendor Specific News/Changelog Entry: http://www.phpbb.com/support/documents.php?mode=changelog#2017

• Stefan Esser - sesserhardened-php.net - www.hardened-php.net