2176 matches found
CVE-2017-1000419
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, resulting in allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application...
phpBB < 3.0.14, 3.1.x < 3.1.4 Open Redirect Vulnerability
phpBB is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; if(description)...
Open Redirect
phpBB is vulnerable to open redirects. The library does not properly check user input URLs, allowing a malicious user to redirect users using the Google Chrome Browser to a malicious website...
CVE-2015-3880
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...
UBUNTU-CVE-2015-3880
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Open redirect
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2015-3880
CVE-2015-3880 refers to an Open Redirect vulnerability in phpBB prior to 3.0.14 and in 3.1.x prior to 3.1.4. Root cause is improper validation of user-supplied URLs, enabling an attacker to redirect victims (e.g., Chrome users) to arbitrary sites and facilitate phishing. Patches are available: ph...
phpBB < 3.1.11, 3.2.x < 3.2.1 Multiple Vulnerabilities
phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; if(description)...
phpBB 3.2.0 Server Side Request Forgery
phpBB version 3.2.0 suffers from a server-side request forgery vulnerability. title: Server Side Request Forgery Vulnerability | product: phpBB | vulnerable version: 3.2.0 | fixed version: 3.2.1 | CVE number: | impact: Medium | homepage:...
phpBB 3.2.0 Server Side Request Forgery
SEC Consult Vulnerability Lab Security Advisory. title: Server Side Request Forgery Vulnerability | product: phpBB | vulnerable version: 3.2.0 | fixed version: 3.2.1 | CVE number: | impact: Medium | homepage: https://www.phpbb.com/ | found:...
Cross-site Request Forgery (CSRF)
phpbb/phpbb is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because the library does not correctly validate the form key in the message_options function in includes/ucp/ucp_pm_options.php...
Cross-Site Scripting (XSS)
phpBB is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because includes/startup.php does not sanitize user-supplied input, which allows trailing paths to be injected through "Relative Path Overwrite."...
phpbb.com XSS vulnerability
Vulnerable URL: https://www.phpbb.com/community/ucp.php?i=ucpprofile=profileinfo Details: Patched: Yes, at 16.10.2017; Latest check for patch: 16.10.2017 05:34 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 46000; VIP website status:...
phpbb server-side request forgery vulnerability
phpBB is open-source web forum software developed by the phpBB Group in PHP. The software supports multiple languages, multiple databases, customizable layouts and so on. A server-side request forgery vulnerability exists in phpBB. Attackers can use...
VulnCheck KEV: CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...
GLSA-201701-25 : phpBB: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201701-25 (phpBB: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details. Impact: A remote attacker may be able to change settings, inject...
phpBB: Multiple vulnerabilities
Background: phpBB is an Open Source bulletin board package. Description: Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details. Impact: A remote attacker may be able to change settings, inject arbitrary web script or HTML, or conduct...
phpBB 2.0.23 - From Variable Tampering to SQL Injection
Case Study: Variable Tampering. Among others, RIPS reported a variable tampering issue in the style configuration page for administrators. The GET parameter install_to is used as the name of a variable. admin/admin_styles.php: $install_to = (isset($HTTP_GET_VARS['install_to'])) ? urldecode($HTTP_GET_VARS['install_to...