6 matches found
CVE-2002-1481
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php...
CVE-2002-1480
Cross-site scripting XSS vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry...
CVE-2002-1480
Cross-site scripting XSS vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry...
CVE-2002-1481
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php...
phpGB: mysql injection bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following mysql-injection-bug in phpGB: Details - ------- Product: phpGB Affected Version: 1.20 and maybe all versions before Immune Version: 1.40 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status:...
phpGB 1.x - SQL Injection
phpGB 1.x - SQL Injection source: https://www.securityfocus.com/bid/5673/info phpGB is vulnerable to a SQL injection vulnerability. The cause of the issue is that the bulletin board relies on the PHP magicquotesgpc directive to sanitize variables that are used in SQL queries. If magicquotesgpc is...