CVE-2005-4358
Description
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products: 2
Patches
Vulnerability mechanics
Root cause
"Call to an undefined function `append_sid()` in `admin/admin_disallow.php` when the `$setmodules` parameter is non-empty."
Attack vector
An attacker sends a direct HTTP GET request to `admin/admin_disallow.php?setmodules=1` [ref_id=1]. The `$setmodules` parameter is registered via PHP's `register_globals` (must be `On`), and the server must have `display_errors` enabled. The call to the undefined function `append_sid()` triggers a fatal error whose message includes the full filesystem path of the script, revealing the installation directory.
Affected code
The vulnerability is in `admin/admin_disallow.php` in phpBB 2.0.18. The file calls `append_sid()` (a non-existent function) when the `$setmodules` parameter is non-empty, causing a fatal error that leaks the installation path.
What the fix does
The advisory does not provide a patch, but the root cause is clear: `admin/admin_disallow.php` calls `append_sid()` without first including or defining that function [ref_id=1]. The fix would be to either include the appropriate phpBB common file that defines `append_sid()` before the conditional block, or to guard the block so it only executes when the required function is available. No official patch is shown in the bundle.
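To make the failure mode and the fix concrete, here is an added PHP illustration (not phpBB's own code and not the actual lines of `admin/admin_disallow.php`): a schematic of the vulnerable shape, where a request-controlled variable gates a call to a function that has not been defined, followed by a hardened form of the same block. The include path `includes/sessions.php`, the `IN_PHPBB` guard constant and the `$phpbb_root_path` value are assumptions about the phpBB 2.x layout; check them against the installed version.

```php
<?php
// Added illustration of the path-disclosure failure mode; not phpBB's code.

// --- Vulnerable shape (schematic reconstruction from the advisory) ---
// With register_globals=On, a request for ?setmodules=1 populates $setmodules.
// If append_sid() has not been defined or included at this point, PHP raises
// "Fatal error: Call to undefined function append_sid() in /abs/path/..."
// and, with display_errors=On, sends that message (absolute path included)
// to the client.
//
// if (!empty($setmodules)) {
//     $module['Users']['Disallow'] = append_sid('admin_disallow.php');
//     return;
// }

// --- Hardened form ---
// 1. Read the parameter explicitly instead of relying on register_globals.
// 2. Ensure the dependency is loaded before calling it.
// 3. Fail closed on a missing dependency without echoing PHP internals.

define('IN_PHPBB', true);            // assumed: phpBB 2 includes check this guard
$phpbb_root_path = './../';          // assumed: relative path to the phpBB root

$setmodules = isset($_GET['setmodules']) ? (string) $_GET['setmodules'] : '';

if ($setmodules !== '') {
    if (!function_exists('append_sid')) {
        // Assumption: append_sid() is defined in includes/sessions.php in phpBB 2.x.
        $sessions_file = $phpbb_root_path . 'includes/sessions.php';
        if (!is_file($sessions_file)) {
            // Log server-side only; the client gets a generic error, no paths.
            error_log('admin_disallow: required phpBB include missing');
            header('HTTP/1.0 500 Internal Server Error');
            exit;
        }
        require_once $sessions_file;
    }
    $module['Users']['Disallow'] = append_sid('admin_disallow.php');
    return;
}
```

Independently of the code change, the two preconditions the page lists are both deployment settings: running production PHP with `display_errors=Off` (log to `error_log` instead) removes the disclosure channel even when a fatal error does occur, and `register_globals=Off` removes the attacker's control over `$setmodules` in the unpatched file.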
Preconditions
- config: PHP register_globals must be enabled
- config: PHP display_errors must be enabled
- network: attacker must be able to send HTTP requests to the server
- input: the request must include a non-empty setmodules parameter
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (10)
- secunia.com/advisories/18125 (nvd, Vendor Advisory)
- secunia.com/advisories/18252 (nvd, Vendor Advisory)
- marc.info (nvd)
- securityreason.com/achievement_securityalert/29 (nvd)
- securityreason.com/securityalert/269 (nvd)
- www.osvdb.org/21804 (nvd)
- www.phpbb.com/phpBB/viewtopic.php (nvd)
- www.securityfocus.com/archive/1/420537/100/0/threaded (nvd)
- www.vupen.com/english/advisories/2005/2991 (nvd)
- www.vupen.com/english/advisories/2006/0010 (nvd)
News mentions (0)
No linked articles in our index yet.