VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2350

CVE-2004-2350

Description

SQL injection in phpBB's search.php allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in phpBB's search.php allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.

Vulnerability

An SQL injection vulnerability exists in search.php for phpBB versions 1.0 through 2.0.6. This flaw is due to insufficient sanitization of user-supplied data in the search_results parameter, allowing for manipulation of database queries [1].

Exploitation

Remote attackers can exploit this vulnerability by sending a crafted request to the search.php script, specifically targeting the search_results parameter. No specific authentication or user interaction is mentioned as required for exploitation, suggesting it may be accessible over the network [1].

Impact

Successful exploitation allows attackers to inject arbitrary SQL syntax, potentially influencing query logic. This can lead to the disclosure of sensitive information, which could then be used to gain unauthorized access and privileges within the phpBB application [1].

## Mitigation phpBB versions 1.0 through 2.0.6 are affected. Information regarding a fixed version or specific mitigation steps is not yet disclosed in the available references. Users are advised to consult vendor advisories for updates [1].

References
  1. phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection

AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

20
  • PhpBB/phpBB20 versions
    cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*
    • (no CPE)range: 1.0 to 2.0.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.