CVE-2005-3418
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*
- (no CPE) range: <=2.0.17
Patches
Vulnerability mechanics
Root cause
"Uninitialized variables in three phpBB scripts allow remote attackers to inject arbitrary HTML or script via register_globals."
Attack vector
An attacker can inject arbitrary HTML or script by supplying values for the uninitialized variables `error_msg`, `forward_page`, or `list_cat` through GET, POST, or COOKIE parameters when `register_globals` is enabled [ref_id=1]. The advisory notes that phpBB's built-in global deregistration code can be bypassed in PHP5 (e.g., by setting `HTTP_SESSION_VARS` to a string to cause `array_merge()` to fail), making the attack feasible even on systems that attempt to protect against register_globals abuse [ref_id=1]. No authentication is required; the attacker simply crafts a URL or form submission targeting the vulnerable scripts.
Affected code
The advisory identifies three files where variables are not properly initialized: `usercp_register.php` (variable `error_msg`), `login.php` (variable `forward_page`), and `search.php` (variable `list_cat`) [ref_id=1]. These variables are used in output without prior initialization, allowing an attacker to control their content via register_globals.
What the fix does
The advisory recommends upgrading to the new phpBB release that the vendor published on 30 October 2005 [ref_id=1]. No patch diff is provided in the bundle, but the fix would involve properly initializing the `error_msg`, `forward_page`, and `list_cat` variables before they are used in output, and hardening the global deregistration code to prevent the documented bypasses [ref_id=1].
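The pattern described above, as an added illustration that is not phpBB source code and not taken from the advisory: a variable that is assigned on only some code paths, next to a version that initializes it before use. The functions `render_vulnerable` and `render_hardened`, the `username` parameter and the sample request are assumptions made for the example, and `extract()` stands in for `register_globals`, which was removed in PHP 5.4.

```php
<?php
// Constructed illustration; not phpBB source code.

// Emulates register_globals: every request parameter becomes a variable
// in the function's scope before the script logic runs.
function render_vulnerable(array $request): string
{
    extract($request); // stands in for register_globals = On

    // $error_msg is assigned on this path only...
    if (isset($username) && $username === '') {
        $error_msg = 'Username is required.';
    }

    // ...so on every other path the request-supplied value reaches the
    // output unencoded.
    return isset($error_msg) ? '<p class="error">' . $error_msg . '</p>' : '';
}

function render_hardened(array $request): string
{
    // Read only the parameters the script expects; nothing else is imported.
    $username = isset($request['username']) ? (string) $request['username'] : null;

    // Initialize before use, so a request value can never seed the variable.
    $error_msg = '';
    if ($username === '') {
        $error_msg = 'Username is required.';
    }

    // Encode on output as a second layer of defence.
    return $error_msg !== ''
        ? '<p class="error">' . htmlspecialchars($error_msg, ENT_QUOTES, 'UTF-8') . '</p>'
        : '';
}

// Constructed request: harmless marker markup under the uninitialized name.
$request = ['username' => 'alice', 'error_msg' => '<b>marker</b>'];

// Print both renderings for comparison.
var_dump(render_vulnerable($request));
var_dump(render_hardened($request));
```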
Preconditions
- config: PHP register_globals must be enabled (the advisory notes this is the recommended setting for many hosters)
- network: Attacker must be able to send HTTP GET, POST, or COOKIE parameters to the vulnerable scripts
- auth: No authentication required
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- securitytracker.com/id (nvd; Patch, Vendor Advisory)
- www.hardened-php.net/advisory_172005.75.html (nvd; Patch, Vendor Advisory)
- www.osvdb.org/20387 (nvd; Patch)
- www.osvdb.org/20388 (nvd; Patch)
- www.osvdb.org/20389 (nvd; Patch)
- www.securityfocus.com/bid/15243 (nvd; Patch)
- marc.info (nvd)
- secunia.com/advisories/17366 (nvd)
- secunia.com/advisories/18098 (nvd)
- securityreason.com/securityalert/130 (nvd)
- www.debian.org/security/2005/dsa-925 (nvd)
- www.vupen.com/english/advisories/2005/2250 (nvd)