70 matches found
CVE-2020-5501
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...
CVE-2020-5502
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships...
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
phpBB < 3.2.6 Multiple Vulnerabilities
phpBB is prone to multiple vulnerabilities...
CVE-2015-1431
Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...
phpBB Security <= 1.0.1 (php_security.php) Remote File Include Exploit
No description provided by source. #!/usr/bin/perl phpBB Security 1.0.1 Class: Remote File Include Vulnerability Date: 2006/10/12 Remote: Yes Type: high Site: http://www.phpbb-amod.com/downloads/phpBBSecurity.zip...
CVE-2010-1627
feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum...
phpbb 2.0.13 oracle.php path disclosure vulnerability
No description provided by source...
phpbb 2.0.13 up.php file upload vulnerability
No description provided by source...
phpbb 2.0.5 viewtopic.php SQL injection
No description provided by source...
phpBB <2.0.7 viewtopic.php cross-site scripting vulnerability
No description provided by source...
phpbb 2.0.8 admin-board.php SQL injection
No description provided by source...
phpbb 2.0.6 SQL injection
No description provided by source...
CVE-2008-1766
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."...
CVE-2006-7090
PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter...
CVE-2006-7090
The CVE-2006-7090 entry concerns phpBB Security (the phpbb_security.php component) in version 1.0.1 and earlier. The vulnerability is a PHP Remote File Inclusion via a tainted php_root_path parameter, enabling remote attackers to execute arbitrary PHP code on affected systems. Documents explicitl...
CVE-2006-2219
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used a...
CVE-2006-6841
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors...