phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code. The issue is triggered due to an error where global variables defined by the user are not properly unset. It is possible that the flaw may allow cross site scripting and SQL injection attacks, and/or execution of arbitrary PHP code resulting in a loss of integrity.

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Upgrade to version 2.0.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015121
• Bugtraq ID: 15243
• Secunia Advisory ID: 17366 18098
• CVE ID: 2005-3415 (see also: NVD)
• Related OSVDB ID: 20387 20388 20389 20390 20391 20413 20414
• ISS X-Force ID: 22914
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0637.html
• Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-925
• Other Advisory URL: http://www.hardened-php.net/advisory_172005.75.html
• Vendor Specific News/Changelog Entry: http://www.phpbb.com/support/documents.php?mode=changelog#2017

• Stefan Esser - sesserhardened-php.net - www.hardened-php.net