The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote malicious users to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpbb phpbb 2 |