
217 matches found

RedhatCVE
added 2025/05/22 4:27 p.m. · 5 views

CVE-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...

CVSS 4.3 · AI score 6.8 · EPSS 0.00375
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:39 p.m. · 5 views

CVE-2020-5502

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships...

CVSS 6.5 · AI score 6.8 · EPSS 0.00435
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:59 a.m. · 6 views

CVE-2017-1000419

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application...

CVSS 7.5 · AI score 6.9 · EPSS 0.01318
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:12 a.m. · 6 views

CVE-2019-13376

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...

CVSS 6.5 · AI score 6.6 · EPSS 0.00678
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:35 a.m. · 4 views

CVE-2010-1630

Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."...

CVSS 7.5 · AI score 6.6 · EPSS 0.01227
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:35 a.m. · 5 views

CVE-2010-1627

feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum...

CVSS 4.3 · AI score 6.9 · EPSS 0.01111
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 8:38 p.m. · 4 views

CVE-2002-2346

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses...

CVSS 5 · AI score 7 · EPSS 0.01205
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 6:47 p.m. · 14 views

CVE-2005-3537

A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs...

CVSS 5 · AI score 6.8 · EPSS 0.01417
Exploits: 0 · References: 1

NVD
added 2025/04/09 5:15 p.m. · 5 views

CVE-2025-32575

Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB (wp-w3all-phpbb-integration) allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through = 2.9.9...

CVSS 7.1 · EPSS 0.00158
Exploits: 0 · References: 1

NVD
added 2025/04/04 4:15 p.m. · 5 views

CVE-2025-32274

Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB (wp-w3all-phpbb-integration) allows Cross Site Request Forgery. This issue affects WP w3all phpBB: from n/a through = 2.9.8...

CVSS 4.3 · EPSS 0.00128
Exploits: 0 · References: 1

CNNVD
added 2025/04/04 12:00 a.m. · 2 views

WordPress plugin WP w3all phpBB Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...

CVSS 4.3 · AI score 5.9 · EPSS 0.00128
Exploits: 0 · References: 2

Vulnrichment
added 2023/11/02 10:31 a.m. · 7 views

CVE-2023-5917 phpBB Smiley Pack acp_icons.php main cross site scripting

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...

CVSS 3.3 · AI score 6 · EPSS 0.00523
Exploits: 0 · References: 6

OSV
added 2022/05/17 5:52 a.m. · 5 views

GHSA-JW8F-Q84G-R3VM phpBB vulnerable to sensitive information disclosure

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum...

CVSS 8.7 · AI score 6.3 · EPSS 0.011
Exploits: 0 · References: 8

OSV
added 2022/05/17 5:51 a.m. · 4 views

GHSA-5CVH-XQHR-5G87 phpBB vulnerability related to use of "forum id" in circumstances related to a "global announcement."

Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."...

CVSS 9.8 · AI score 6.6 · EPSS 0.01227
Exploits: 1 · References: 8

OSV
added 2020/08/17 4:15 p.m. · 1 views

UBUNTU-CVE-2020-8226

A vulnerability exists in phpBB v3.2.10 and v3.3.1 which allowed the remote image dimensions check to be used for SSRF...

CVSS 5.8 · AI score 5.8 · EPSS 0.00966
Exploits: 0 · References: 4

Positive Technologies
added 2020/08/17 12:00 a.m. · 3 views

PT-2020-20038 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 3.2.10; phpBB versions prior to 3.3.1. Description: A vulnerability exists that allows the remote image dimensions check to be used for Server-Side Request Forgery (SSRF). Recommendations: For versions prior to 3.2.10,...

CVSS 5.8 · AI score 5.5 · EPSS 0.00966
Exploits: 0 · References: 14

UbuntuCve
added 2019/11/14 12:15 a.m. · 25 views

CVE-2011-0544

phpbb 3.0.x-3.0.6 has an XSS vulnerability via the flash BB tag...

CVSS 6.1 · AI score 6.4 · EPSS 0.00686
Exploits: 0 · References: 2

CNVD
added 2018/01/03 12:00 a.m. · 1 views

phpBB Server-Side Request Forgery Vulnerability

phpBB is open-source, PHP-based web forum software developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. A server-side request forgery vulnerability exists in the Remote Avatar feature in phpBB...

CVSS 7.5 · AI score 6.9 · EPSS 0.01318
Exploits: 1 · References: 1

Prion
added 2018/01/02 7:29 p.m. · 10 views

Server side request forgery (ssrf)

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application...

CVSS 5 · AI score 7.5 · EPSS 0.01318
Exploits: 1 · References: 2 · Affected Software: 1

VulnCheck KEV
added 2017/06/20 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...

CVSS 7.5 · AI score 6.1 · EPSS 0.71903
Exploits: 11 · References: 1