Phpbb Group, Phpbb

9 matches found

CVE
added 2005/11/01 9:2 p.m., 55 views

CVE-2005-3418

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not init...

4.3 CVSS, 5.5 AI score, 0.01451 EPSS

CVE
added 2005/11/01 9:2 p.m., 48 views

CVE-2005-3415

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.

7.5 CVSS, 6.3 AI score, 0.01078 EPSS

CVE
added 2005/11/01 9:2 p.m., 48 views

CVE-2005-3416

phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge fu...

7.5 CVSS, 6.4 AI score, 0.00842 EPSS

CVE
added 2005/11/01 9:2 p.m., 46 views

CVE-2005-3417

phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.

7.5 CVSS, 6.5 AI score, 0.00842 EPSS

CVE
added 2005/11/01 9:2 p.m., 46 views

CVE-2005-3419

SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.

7.5 CVSS, 8 AI score, 0.01314 EPSS

CVE
added 2005/11/01 9:2 p.m., 42 views

CVE-2005-3420

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.

7.5 CVSS, 6.7 AI score, 0.02323 EPSS

CVE
added 2005/11/16 9:17 p.m., 39 views

CVE-2002-2176

SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.

10 CVSS, 8.3 AI score, 0.00688 EPSS

CVE
added 2005/11/24 11:3 a.m., 36 views

CVE-2005-3799

phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.

5 CVSS, 6.7 AI score, 0.00462 EPSS

CVE
added 2005/11/16 7:37 a.m., 33 views

CVE-2003-1244

SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.

7.5 CVSS, 8.3 AI score, 0.01164 EPSS