Phpbb@* Security Vulnerabilities and Issues — Phpbb@* CVE List

Lucene search

Phpbb GroupPhpbb*

10 matches found

CVE•added 2004/12/31 5:0 a.m.•177 views

CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which i...

7.5CVSS7.2AI score0.85909EPSS

CVE•added 2005/05/02 4:0 a.m.•41 views

CVE-2005-1196

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.

7.5CVSS7.5AI score0.00334EPSS

CVE•added 2003/08/07 4:0 a.m.•40 views

CVE-2003-0486

SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.

5CVSS7.8AI score0.01593EPSS

CVE•added 2006/04/20 10:2 a.m.•39 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not cla...

6CVSS7AI score0.01319EPSS

CVE•added 2005/05/02 4:0 a.m.•38 views

CVE-2005-1116

Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.

4.3CVSS5.8AI score0.00297EPSS

CVE•added 2006/05/15 4:6 p.m.•38 views

CVE-2006-2360

SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.4AI score0.00558EPSS

CVE•added 2006/05/02 10:2 a.m.•37 views

CVE-2006-2134

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

5.1CVSS7.6AI score0.06324EPSS

CVE•added 2006/05/15 4:6 p.m.•35 views

CVE-2006-2359

Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.

4.3CVSS6.5AI score0.00558EPSS

CVE•added 2006/10/20 11:7 p.m.•35 views

CVE-2006-5435

PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use

7.5CVSS7.9AI score0.00612EPSS

CVE•added 2003/08/07 4:0 a.m.•32 views

CVE-2003-0484

Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.

6.8CVSS6.2AI score0.00867EPSS