
2180 matches found

Cvelist
added 2019/05/02 8:43 p.m., 32 views

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

7.4 AI score, 0.02297 EPSS
Exploits: 1, References: 3

Veracode
added 2019/04/30 6:22 a.m., 18 views

Denial Of Service (DoS)

phpbb/phpbb is vulnerable to denial of service. A remote attacker is able to crash the application by submitting malicious wildcard input to the keywords URL parameter in search.php. This is due to a lack of proper input validation...

7.5 CVSS, 7.1 AI score, 0.02297 EPSS
Exploits: 1, References: 5, Affected Software: 1

0day.today
added 2019/03/08 12:0 a.m., 98 views

phpBB 3.2.3 - Remote Code Execution Exploit

Exploit for php platform in category web applications phpBB 3.2.3 - Remote Code Execution Exploit // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath =...

0.3 AI score
Exploits: 0

Packet Storm
added 2019/03/07 12:0 a.m., 50 views

phpBB 3.2.3 Remote Code Execution

// All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' = aaae9cba5fdadb1f0c384934cd20d11czip // you...

0.2 AI score
Exploits: 0

Exploit DB
added 2018/12/12 12:0 a.m., 3236 views

phpBB 3.2.3 - Remote Code Execution

// All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' = aaae9cba5fdadb1f0c384934cd20d11czip // you...

7.4 AI score
Exploits: 0

OpenVAS
added 2018/11/21 12:0 a.m., 84 views

phpBB < 3.2.4 RCE Vulnerability

phpBB is prone to a remote code execution (RCE) vulnerability through object injection. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.2 CVSS, 7.6 AI score, 0.05201 EPSS
Exploits: 1, References: 2

ripstech
added 2018/11/20 8:0 a.m., 104 views

phpBB 3.2.3: Phar Deserialization to RCE

Impact phpBB is one of the oldest and most popular board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. Bu...

7.3 AI score
Exploits: 0

Veracode
added 2018/11/19 9:0 a.m., 32 views

Remote Code Execution (RCE)

phpbb/phpbb is vulnerable to a remote code execution (RCE) attack. The vulnerability exists because the library defines an absolute path when importing the ImageMagick library. A malicious user with admin access permission is allowed to pass a .phar file that when deserialized, injects and executes...

7.2 CVSS, 7.2 AI score, 0.05201 EPSS
Exploits: 1, References: 4, Affected Software: 1

CNVD
added 2018/11/19 12:0 a.m., 2 views

phpBB Remote Code Execution Vulnerability

phpBB is an open source, PHP-based web forum software developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. phpBB has a remote code execution vulnerability. An attacker can exploit this vulnerability to execute code...

7.2 CVSS, 8.3 AI score, 0.05201 EPSS
Exploits: 1, References: 1

UbuntuCve
added 2018/11/17 1:29 p.m., 30 views

CVE-2018-19274

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...

7.2 CVSS, 7.2 AI score, 0.05201 EPSS
Exploits: 1, References: 2

Prion
added 2018/11/17 1:29 p.m., 20 views

Remote code execution

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...

6.5 CVSS, 7.2 AI score, 0.05201 EPSS
Exploits: 1, References: 3, Affected Software: 2

NVD
added 2018/11/17 1:29 p.m., 19 views

CVE-2018-19274

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...

7.2 CVSS, 7.3 AI score, 0.05201 EPSS
Exploits: 1, References: 3

OSV
added 2018/11/17 1:29 p.m., 17 views

CVE-2018-19274

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...

7.2 CVSS, 7.4 AI score
Exploits: 0, References: 3

OSV
added 2018/11/17 1:29 p.m., 0 views

UBUNTU-CVE-2018-19274

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...

7.2 CVSS, 7.2 AI score, 0.05201 EPSS
Exploits: 1, References: 3

CVE
added 2018/11/17 1:0 p.m., 87 views

CVE-2018-19274

CVE-2018-19274 affects phpBB < 3.2.4: remote code execution via Phar deserialization when an attacker with founder permissions can access the Admin Control Panel. The issue arises from using an absolute path in a file_exists check, enabling Object Injection. NVD data shows CVSSv3.1 base score ...

7.2 CVSS, 7.2 AI score, 0.05201 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2018/11/17 1:0 p.m., 19 views

CVE-2018-19274

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...

7.3 AI score, 0.05201 EPSS
Exploits: 1, References: 3

0day.today
added 2018/01/07 12:0 a.m., 55 views

Icyphoenix 2.2.0.105 SQL Injection Vulnerability

Exploit for php platform in category web applications Document Title: =============== Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== Icy Phoenix is a CMS based on phpBB engine a fully scalable and highly customisable...

0.3 AI score
Exploits: 0

Packet Storm
added 2018/01/05 12:0 a.m., 39 views

Icyphoenix 2.2.0.105 SQL Injection

Document Title: =============== Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2006 Release Date: ============= 2018-01-03 Vulnerability Laboratory ID VL-ID:...

7.1 AI score
Exploits: 0

CNVD
added 2018/01/03 12:0 a.m., 1 views

phpBB Server-Side Request Forgery Vulnerability

phpBB is an open source, PHP-based web forum software developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. A cross-site request forgery vulnerability exists on the server side of the Remote Avatar feature in phpBB...

7.5 CVSS, 6.9 AI score, 0.01318 EPSS
Exploits: 1, References: 1

UbuntuCve
added 2018/01/02 7:29 p.m., 13 views

CVE-2017-1000419

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application...

7.5 CVSS, 7.1 AI score, 0.01318 EPSS
Exploits: 1, References: 3