Phpbb@* Security Vulnerabilities and Issues — Phpbb@* CVE List

Phpbb GroupPhpbb*

7 matches found

CVE•added 2004/12/31 5:0 a.m.•194 views

CVE-2004-1315

Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...

7.5CVSS7.2AI score0.85909EPSS

Web

CVE•added 2005/04/21 4:0 a.m.•53 views

CVE-2005-1196

CVE-2005-1196: SQL injection in phpBB Knowledge Base module kb.php via the cat parameter due to improper input sanitization. This allows remote attackers to modify SQL queries and potentially access sensitive data. Affected component is the Knowledge Base module for phpBB; the vulnerability is do...

7.5CVSS7.5AI score0.00334EPSS

CVE•added 2006/04/20 10:0 a.m.•49 views

CVE-2006-1896

CVE-2006-1896 concerns a vulnerability in phpbb2 where admin users with access to the Admin Panel can cause arbitrary PHP code execution via the Font Colour 3 setting due to insufficient input sanitisation. Debian/DSA-1066-1 documents that the issue arises from how values are sanitised for Font C...

6CVSS7AI score0.01319EPSS

CVE•added 2005/04/16 4:0 a.m.•48 views

CVE-2005-1116

CVE-2005-1116 is a documented XSS vulnerability in the phpBB Calendar module. The issue allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. The affected component is the phpBB Calendar integration; the root cause is improper sanitizati...

4.3CVSS5.8AI score0.00297EPSS

CVE•added 2006/05/15 4:0 p.m.•46 views

CVE-2006-2360

CVE-2006-2360 is an SQL injection vulnerability in the Chart Mod for phpBB, specifically in charts.php via the id parameter. Affected component is the Chart mod for phpBB; the root cause is improper input handling allowing the execution of arbitrary SQL commands by remote attackers. Documented im...

7.5CVSS8.4AI score0.00558EPSS

CVE•added 2006/05/15 4:0 p.m.•44 views

CVE-2006-2359

XSS vulnerability CVE-2006-2359 affects the phpBB Chart mod (charts.php) via the id parameter. The issue allows remote attackers to inject arbitrary script/HTML, with the note that it may stem from SQL injection. Base metrics indicate MEDIUM risk (CVSSv2: AV=N/AC=M/Au=N/C=N/I=P/A=N, base score 4....

4.3CVSS6.5AI score0.00558EPSS

CVE•added 2003/06/28 4:0 a.m.•39 views

CVE-2003-0484

CVE-2003-0484 is an XSS vulnerability in phpBB's viewtopic.php where an attacker can inject arbitrary script via the topic_id parameter. Affected: phpBB (viewtopic.php); Impact: partial confidentiality, integrity, and availability concerns at the browser level due to script execution. CVSS2 base ...

6.8CVSS6.2AI score0.00867EPSS