VYPR
Unrated severity · NVD Advisory · Published Jan 27, 2006 · Updated Jun 16, 2026

CVE-2006-0450

Description

phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

  • phpBB (vendor phpbb_group), 30 CPE entries, all 2.0.x releases up to and including 2.0.19:
    • cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*
    • (no CPE) version range: <= 2.0.19

Patches

None recorded for this CVE; the advisory states that no fix was available at publication.

Vulnerability mechanics

Root cause

"Lack of rate limiting or input validation in profile.php and search.php allows an attacker to exhaust database or server resources through mass user registration or malformed search queries."

Attack vector

An unauthenticated remote attacker sends a high volume of HTTP POST requests to `profile.php` to register many new users, or sends crafted POST requests to `search.php?mode=results` with search keywords designed to confuse the database [ref_id=1]. In the PoC, the attacker loops up to 9999 registration or search requests over TCP port 80, with no authentication required [ref_id=1]. Every request costs the backend a database write (a new user row) or a search query, so the damage scales with request volume rather than with any single malformed input. The advisory notes that the attack may not work on all servers due to connection limits [ref_id=1].

Affected code

The vulnerability resides in two scripts: `profile.php` (user registration) and `search.php` (search functionality) [ref_id=1]. The advisory states that registering many users through `profile.php` or performing a search that "the database cannot understand" via `search.php` causes the application to crash [ref_id=1]. No patch files are provided in the bundle.

What the fix does

The advisory explicitly states "No fix available as of date" [ref_id=1]. No patch is included in the bundle. The only remediation implied is that server-side connection limits may mitigate the attack in practice, as noted by the SecurityReason comment [ref_id=1]. Because the issue is a request flood rather than a single malformed input, the practical controls sit outside the application: per-IP rate limiting at the web server or a reverse proxy, and requiring visual confirmation on registration to blunt the profile.php vector.

Preconditions

  • auth: No authentication required; the attacker is remote
  • config: Target is running phpBB 2.0.19 or earlier
  • network: Attacker can reach the phpBB web server on TCP port 80 (the port the PoC hard-codes)
  • config: For the profile.php vector (PoC flood type 1), visual confirmation on registration must be disabled; the search.php vector (flood type 2) does not depend on that setting

Reproduction

The advisory includes a full Perl PoC script titled "phpBBDoSReloaded" [ref_id=1]. The script prompts for the target host (without http://), the path (e.g., /phpBB2/), and a flood type (1 for registration via profile.php, 2 for search via search.php). For type 1, it sends 9999 POST requests to profile.php with auto-generated usernames and e-mail addresses. For type 2, it sends 9999 POST requests to search.php?mode=results with incrementing search keywords. Each request is written directly to a raw TCP socket on port 80, with no HTTP library, cookies or session handling involved.
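Both vectors described under "Attack vector" and "Reproduction" leave the same footprint on the web tier: a burst of POSTs to profile.php or search.php from one source address. The following detector is an added example, not code from the advisory, the PoC or phpBB. It assumes the web server writes Apache/nginx "combined" format access logs; the log lines, source addresses, query strings and the thresholds (20 POSTs to one script within 10 seconds) are constructed for the example and should be tuned to the forum's normal traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Scripts named in the advisory; matched on the script name so that the
# forum's install path and query string do not matter.
WATCHED = {"profile.php", "search.php"}


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    script = m.group("path").split("?", 1)[0].rsplit("/", 1)[-1]
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "script": script}


def find_floods(lines, window_s=10, threshold=20):
    """Sliding-window count of POSTs per (source IP, watched script).

    Returns one tuple (ip, script, count, first_ts) per offending pair, raised
    the first time `threshold` POSTs fall inside `window_s` seconds.  Lines are
    expected in time order, as an access log is.
    """
    windows = defaultdict(deque)   # (ip, script) -> timestamps in the window
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST" or ev["script"] not in WATCHED:
            continue
        key = (ev["ip"], ev["script"])
        dq = windows[key]
        dq.append(ev["ts"])
        while (dq[-1] - dq[0]).total_seconds() > window_s:
            dq.popleft()               # drop events older than the window
        if len(dq) >= threshold and key not in alerts:
            alerts[key] = (len(dq), dq[0])
    return [(ip, script, n, first) for (ip, script), (n, first) in alerts.items()]


# --- constructed sample log (not real traffic) ---------------------------------
BASE = datetime(2006, 1, 27, 10, 0, 0, tzinfo=timezone.utc)


def _line(ip, offset_s, method, path, status=200):
    ts = BASE + timedelta(seconds=offset_s)
    return (f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "{method} {path} HTTP/1.0" '
            f'{status} 512 "-" "-"')


SAMPLE_LOG = (
    # a normal visitor: a few page views and three searches spread over a minute
    [_line("192.0.2.10", i * 7, "GET", "/phpBB2/viewtopic.php?t=1") for i in range(5)]
    + [_line("192.0.2.10", 40 + 15 * i, "POST", "/phpBB2/search.php?mode=results")
       for i in range(3)]
    # flood type 1: 25 registration POSTs in 5 seconds from one host
    + [_line("198.51.100.7", 60 + i // 5, "POST", "/phpBB2/profile.php?mode=register")
       for i in range(25)]
    # flood type 2: 40 search POSTs in 4 seconds from another host
    + [_line("203.0.113.9", 120 + i // 10, "POST", "/phpBB2/search.php?mode=results")
       for i in range(40)]
    # a line the parser must skip rather than choke on
    + ["this line is not in combined format"]
)


if __name__ == "__main__":
    for ip, script, n, first in find_floods(SAMPLE_LOG):
        print(f"{ip} sent {n} POSTs to {script} within 10s starting {first:%H:%M:%S}")
```

The detector keys on the source address, so a flood spread across many addresses (or one behind a shared proxy) needs a global per-script rate as a second signal; the same counters, fed to a web server rate limit instead of a log reader, are the mitigation the advisory leaves to the operator.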

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5 linked references (not rendered on this page).

News mentions

0. No linked articles in our index yet.