2 matches found
CVE-2003-1215
CVE-2003-1215 describes an SQL injection in phpBB’s groupcp.php affecting 2.0.6 and earlier, exploitable via the sql_in parameter. This allows group moderators to perform unauthorized activities. The vulnerability is documented across multiple sources (NVD, CVE list, and Nessus plugin), with an e...
phpBB < 2.0.7 Multiple Script SQL Injection
The remote host is running a version of phpBB older than 2.0.7. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user...