CVE-2026-29199

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

EUVD-2023-60241

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...

CVE-2025-29460

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

D-Forum (PHP)

Informations : °°°°°°°°°°°°°° Website : http://www.adalis.fr/adalis.html Versions : 1.00 - 1.11 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° /includes/header.php3 : --------------------------- ?php if $myheader!="" include $myheader; else ? ... --------------------------...