PublicDate: 2005-11-01 21:02:00 UTC
Candidate: CVE-2005-3416
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3416
Description:
 phpBB 2.0.17 and earlier, when register_globals is enabled and the
 session_start function has not been called to handle a session, allows
 remote attackers to bypass security checks by setting the $_SESSION and
 $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an
 array_merge function call to fail.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_phpbb2: released (2.0.18-2)
edgy_phpbb2: released (2.0.18-2)
feisty_phpbb2: released (2.0.18-2)
devel_phpbb2: released (2.0.18-2)
upstream_phpbb2: needs-triage