5 matches found
CVE-2026-29199
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...
EUVD-2003-1363
Malware in sbrugna...
PT-2006-6154 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.10 and earlier Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code. This is achieved by providing a URL in the phpbb root path parameter. Recommendations: For versions 2.0.10 and earlie...
phpBB 2.0.13 - user level exploit
This one goes for all phpBB versions up to 2.0.13. While applying and testing the patch for the autologin bug I found that phpBB2 doesn't reset the $userdata'userlevel' variable after a failed autologin. This is the vulvernable code in sessions.php: if $userid != ANONYMOUS $autologinkey =...
XSS vulnerability in phpBB
Hi, I have found a dangerous vunlerability in phpBB. I've verified that versions 2.0.5 and 2.0.4 AFAIK the two latest versions are affected, but probably more versions are vulnerable. If HTML is enabled for postings, a user can post a link like this: a...