CyberSec.Space Logo
Back to CVE Browser

CVE-2006-6841

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile11.03th
PublishedDec 31, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.

Affected Platforms (CPE)

πŸ“¦
Phpbb Group

Phpbb

= 1.2.4_rc3
πŸ“¦
Phpbb Group

Phpbb

= 2.0.18
πŸ“¦
Phpbb Group

Phpbb

= 2.0.20
πŸ“¦
Phpbb Group

Phpbb

= 2.0.21

References & Advisories

πŸ”— http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980
πŸ”— http://secunia.com/advisories/28871
πŸ”— http://www.debian.org/security/2008/dsa-1488
πŸ”— http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
πŸ”— http://www.securityfocus.com/bid/21806
πŸ”— http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980
πŸ”— http://secunia.com/advisories/28871
πŸ”— http://www.debian.org/security/2008/dsa-1488

Related Vulnerabilities

CVE-2002-153710.0

admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with mo...

CVE-2006-683910.0

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redir...

CVE-2002-047310.0

db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the ph...

CVE-2006-684010.0

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start paramet...