2176 matches found
CVE-2002-1707
Affected product: phpBB 2.0 (through 2.0.1). The vulnerability arises when both allow_url_fopen and register_globals are on and the attacker can modify the phpbb_root_dir to reference a URL on a remote server, enabling remote code execution. This is a remote, unauthenticated attack with impact de...
CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code...
CVE-2001-1482
CVE-2001-1482 describes an SQL injection in phpBB 1.4.2, triggered via the $sortby parameter in bb_memberlist.php. The vulnerable component is the member list generation logic, where input is not sufficiently sanitized, allowing remote attackers to execute arbitrary SQL queries. The provided docu...
CVE-2001-1482
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable...
phpBB 2.0.* Discloses Path
phpBB 2.0. Path disclosure: /modcp.php?t=nonexistenttopic...
[Full-disclosure] CastleCops phpBB bbcode Input Validation Disclosure
CASTLECOPS.COM SUMMARY bbcode input validation Severity: High CastleCops: http://castlecops.com/t123194-.html CVE: CAN-2005-1193 phpBB Security ID: 266 Bugtraq ID: 13545 Secunia : 15298 US-CERT VU: 113196 SecurityTracker : 1013918 Vulnerable: viewtopic.php, privmsg.php for phpBB 2.0.14 possible a...
php2014.txt
Neo Security Team NST® - Advisory 14 - 17/04/05. Program: phpBB 2.0.14 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.14 & Lower versions Risk: Low Risk!! Impact:...
phpBBkbmod.txt
phpBB - Knowledge Base MOD SQL-Injection vulnerability and Full Path Disclosure. Discovered by R and deluxe89. Discussion: The phpBB - Knowledge Base MOD has a relatively hard to exploit SQL-Injection vulnerability. However, an attacker can exploit this bug and receive information from the databas...
CVE-2004-2130
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables...
CVE-2003-1216
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter...
CVE-2003-1215
CVE-2003-1215 describes an SQL injection in phpBB’s groupcp.php affecting 2.0.6 and earlier, exploitable via the sql_in parameter. This allows group moderators to perform unauthorized activities. The vulnerability is documented across multiple sources (NVD, CVE list, and Nessus plugin), with an e...
CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter...
CVE-2004-2130
CVE-2004-2130 affects phpBB 2.0.6. The described vulnerability is multiple cross-site scripting (XSS) in privmsg.php, exploitable via the (1) folder or (2) mode parameters, allowing remote attackers to have their HTML/Script executed in a victim’s browser. The sources consistently cite XSS in php...
CVE-2003-1216
CVE-2003-1216 affects phpBB 2.0.6 and earlier, due to a SQL injection in the search.php handling of the search_id parameter. The vulnerability can allow remote attackers to execute arbitrary SQL and potentially gain privileges. Public details list the affected component as search.php in phpBB pri...
GLSA-200505-10 : phpBB: XSS Vulnerability
The remote host is affected by the vulnerability described in GLSA-200505-10 phpBB: XSS Vulnerability phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post,...
CVE-2005-1193
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: UR...
CVE-2005-1193
The CVE-2005-1193 vulnerability affects phpBB up to version 2.0.14 (before 2.0.15). The bbencode_second_pass and make_clickable functions in bbcode.php fail to filter BBCode URLs, allowing remote attackers to execute arbitrary script via URL schemes such as javascript:, applet:, about:, activex:,...
phpBB: Cross-Site Scripting Vulnerability
Background phpBB is an Open Source bulletin board package. Description phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follo...