2180 matches found
VulnCheck KEV: CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...
GLSA-201701-25 : phpBB: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201701-25 (phpBB: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details. Impact: A remote attacker may be able to change settings, inject...
phpBB: Multiple vulnerabilities
Background: phpBB is an Open Source bulletin board package. Description: Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details. Impact: A remote attacker may be able to change settings, inject arbitrary web script or HTML, or conduct...
phpBB 2.0.23 - From Variable Tampering to SQL Injection
Case Study: Variable Tampering. Among others, RIPS reported a variable tampering issue in the style configuration page for administrators. The GET parameter install_to is used as the name of a variable. admin/admin_styles.php: $install_to = isset($HTTP_GET_VARS['install_to']) ? urldecode($HTTP_GET_VARS['install_to...
phpBB 2.0.23 - From Variable Tampering to SQL Injection
RIPS Analysis: The forum phpBB2 consists of only 50,000 lines of code and RIPS took only 19 seconds for its in-depth security analysis to complete. It found various PHP object injection vulnerabilities which are less severe due to missing gadget chains. Further, many SQL injections are reported du...
Tapatalk Detection (HTTP)
HTTP based detection of Tapatalk. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.111039");...
phpBB 'functions.php' open redirect vulnerability
phpBB is an open source, PHP-based web forum package developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. An open redirect vulnerability exists in phpBB 'functions.php'. An attacker uses a crafted URL to attract...
phpBB 'includes/message_parser.php' HTML injection vulnerability
phpBB is an open source, PHP-based web forum package developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. An HTML injection vulnerability exists in versions prior to phpBB 3.0.8, which arises from the program's...
phpBB BBCode IMG Tag script injection vulnerability
phpBB is an open source, PHP-based web forum package developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. A script injection vulnerability exists in phpBB because the program fails to adequately filter user-submitt...
CVE-2015-1432
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...
CVE-2015-1431
Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...
Cross-site request forgery (CSRF)
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...
UBUNTU-CVE-2015-1431
Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...
CVE-2015-1431
CVE-2015-1431 affects phpBB up to 3.0.12, with an XSS vulnerability in includes/startup.php exploitable via Relative Path Overwrite. The issue allows remote attackers to inject arbitrary script/HTML. The public details indicate the vulnerability exists in phpBB before 3.0.13 and has been addresse...
CVE-2015-1432
CVE-2015-1432 concerns phpBB
phpBB 3.1.1 deregister_globals() Bypass
When PHP's register_globals configuration directive is set to on, phpBB calls the deregister_globals function, and all global variables registered by PHP are destroyed. But the deregister_globals function can be bypassed. $input = array_merge(array_keys($_GET), array_keys($_POST), array_keys($_COOKIE), array_keys($_SERVER),...