Phpbb@1.4.0 Security Vulnerabilities and Issues — Phpbb@1.4.0 CVE List

Lucene search

Phpbb GroupPhpbb1.4.0

11 matches found

CVE•added 2004/12/31 5:0 a.m.•177 views

CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which i...

7.5CVSS7.2AI score0.85909EPSS

CVE•added 2005/05/27 4:0 a.m.•51 views

CVE-2003-1216

SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.

7.5CVSS8.4AI score0.02225EPSS

CVE•added 2005/05/27 4:0 a.m.•49 views

CVE-2003-1215

SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.

4.6CVSS7.5AI score0.00062EPSS

CVE•added 2005/08/16 4:0 a.m.•48 views

CVE-2004-2350

SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.

7.5CVSS8.8AI score0.00535EPSS

CVE•added 2005/05/02 4:0 a.m.•47 views

CVE-2005-0614

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.

7.5CVSS6.9AI score0.04491EPSS

CVE•added 2005/04/21 4:0 a.m.•43 views

CVE-2001-1472

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

4.6CVSS8.5AI score0.00835EPSS

CVE•added 2007/10/17 1:0 a.m.•37 views

CVE-2003-1373

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.

6.8CVSS7.2AI score0.00142EPSS

CVE•added 2006/05/02 10:2 a.m.•37 views

CVE-2006-2134

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

5.1CVSS7.6AI score0.06324EPSS

CVE•added 2005/05/02 4:0 a.m.•35 views

CVE-2005-0659

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.

5CVSS6.2AI score0.00477EPSS

CVE•added 2002/08/12 4:0 a.m.•34 views

CVE-2002-0533

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

5CVSS7AI score0.01498EPSS

CVE•added 2002/08/12 4:0 a.m.•33 views

CVE-2002-0475

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

5.1CVSS7.3AI score0.00846EPSS