SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.
8.4AI Score
0.003EPSS
Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename ...
7.7AI Score
0.003EPSS
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.
8.3AI Score
0.011EPSS