Phpbb Security Vulnerabilities and Issues — Phpbb CVE List

Lucene search

Phpbb GroupPhpbb

4 matches found

CVE•added 2005/12/22 11:3 p.m.•43 views

CVE-2005-3536

SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.

7.5CVSS8AI score0.00502EPSS

CVE•added 2005/12/22 11:3 p.m.•40 views

CVE-2005-3537

A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.

5CVSS6.3AI score0.0038EPSS

CVE•added 2005/12/20 1:3 a.m.•39 views

CVE-2005-4358

admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.

5CVSS6.5AI score0.01262EPSS

CVE•added 2005/12/20 1:3 a.m.•35 views

CVE-2005-4357

Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.

2.6CVSS5.6AI score0.01415EPSS