Is CVE-2006-2219 actively exploited?

CVE-2006-2219 has no public evidence of in-the-wild exploitation as of 2025-04-09.

What is the CVSS score for CVE-2006-2219?

CVE-2006-2219 has a CVSS score of 5 (UNKNOWN severity). Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P.

How do I patch CVE-2006-2219?

Patch guidance is available from phpbb group security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2006-2219.

CVE-2006-2219 - remediation guidance & executive summary

Description

phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: none
Integrity: none
Availability: partial
Weaknesses: CWE-20 · Improper Input Validation

Metadata

Primary Vendor: PHPBB_GROUP
Published: 2/8/2007
Last Modified: 4/9/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2006-2219

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary