2176 matches found
phpBB Server-Side Request Forgery (SSRF)
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application...
phpBB Remote Code Execution
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...
GHSA-H3MR-Q96R-37V4 phpBB Remote Code Execution
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...
Tapatalk Plugins PHP Object Injection Vulnerability
PHP object injection vulnerability in all Tapatalk plugins that can allow attackers to execute PHP code, perform SQL injection, or cause denial of service conditions. Tapatalk Plugins PHP Object Injection: the dH team discovered a PHP Object Injection vulnerability in all Tapatalk plugins, which is allo...
Tapatalk Plugins PHP Object Injection
Advisory: Tapatalk Plugins PHP Object Injection. The dH team discovered a PHP Object Injection vulnerability in all Tapatalk plugins, which allows attackers to execute PHP code, perform SQL injection or cause Denial of Service. No authorization or extra steps are needed, so the vulnerability is considered critical. Details...
phpBB User Enumeration
In a default phpBB installation there are unauthenticated methods to enumerate member usernames. These phpBB users can then be used in brute-force attacks against the phpBB login page to guess passwords. No source data...
phpBB Directories Information Disclosure
phpBB sensitive directories have been detected on the target phpBB installation. This may present an attacker with sensitive information to mount further attacks. No source data...
Mail.ru: [titans.3clans.ru] phpBB 3.0.8 - Administrator account takeover + remote code execution.
I came across the site http://titans.3clans.ru; it sits on 188.93.63.60, hostname: newsdclans.ext.terrhq.ru. The admin's e-mail address [email protected] was displayed everywhere; searching for it on the internet, I found passwords for the mailbox. The following combination worked for the forum: Negasus:43046721. Next we go to the admin panel, "/adm/index.php", in...
phpBB < 3.2.11, 3.3.x < 3.3.2 Multiple Vulnerabilities
phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpbb:phpbb"; if(description)...
phpBB End of Life (EOL) Detection
The installed version of phpBB on the remote host has reached the End of Life (EOL) and should not be used anymore. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
phpBB: Server Side Request Forgery in 'Jabber settings' in Admin Control Panel
Overview The 'Jabber settings' panel inside the Administrator Control Panel can be used to access resources that would otherwise only be accessible by the host machine, including resources/services hosted on the localhost interface. This can be performed by setting the 'jabber server' parameter t...
Server-side Request Forgery (SSRF)
phpBB is vulnerable to server-side request forgery (SSRF). The vulnerability exists as it does not properly limit the dimensions of images posted, allowing an attacker to use the image dimension check function to send requests on behalf of the server...
phpBB server-side request forgery vulnerability (CNVD-2020-47956)
phpBB is an open-source, PHP-based web forum software package. The software supports multiple languages, multiple databases, customized layouts and so on. A security vulnerability exists in phpBB versions prior to v3.2.10 and v3.3.1. An attacker can exploit this vulnerability to obtai...
CVE-2020-8226
A vulnerability exists in phpBB v3.2.10 and v3.3.1 which allowed remote image dimensions check to be used to SSRF...
UBUNTU-CVE-2020-8226
A vulnerability exists in phpBB v3.2.10 and v3.3.1 which allowed remote image dimensions check to be used to SSRF...
Server side request forgery (ssrf)
A vulnerability exists in phpBB v3.2.10 and v3.3.1 which allowed remote image dimensions check to be used to SSRF...
CVE-2020-8226
CVE-2020-8226 affects phpBB via a Server-Side Request Forgery (SSRF) vulnerability in the remote image dimensions check. Affected versions are phpBB < v3.2.10 and