CVE-2006-5435

The CVE concerns PHP remote file inclusion in phpBB prior to version 2.0.11, specifically via groupcp.php. Affected software: phpBB 2.0.10 and earlier. Vulnerability: an attacker can supply a URL in the phpbb_root_path parameter, enabling remote code execution because PHP file inclusion occurs wi...

PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability

PhpBB=2.0.10 groupcp.php Remote File Include Vulnerability Source Code: http://www.comscripts.com/jump.php?action=script&id=666 Vulnerable Code: include$phpbbrootpath . 'includes/pageheader.'.$phpEx; ; Exploit : http://www.vicTim.com/PhpBB/groupcp.php?phpbbrootpath=shell.txt? Discoverd By :...

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...

CVE-2006-1775

CVE-2006-1775 affects phpBB 2.0.19 with multiple XSS vulnerabilities. The affected inputs are: (1) Site Description in admin_board.php, (2) Group name and (3) Group description in admin_groups.php and groupcp.php, (4) Theme Name in admin_styles.php, and (5) Rank Title in admin_ranks.php. The note...

CVE-2003-1215

CVE-2003-1215 describes an SQL injection in phpBB’s groupcp.php affecting 2.0.6 and earlier, exploitable via the sql_in parameter. This allows group moderators to perform unauthorized activities. The vulnerability is documented across multiple sources (NVD, CVE list, and Nessus plugin), with an e...

PHPBB2 Plus 1.5 - GroupCP.php Cross-Site Scripting

PHPBB2 Plus 1.5 - GroupCP.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13149/info phpBB2 Plus is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue ...

PHPBB2 Plus 1.5 - 'GroupCP.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13149/info phpBB2 Plus is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the brows...