Phpbb Security Vulnerabilities and Issues — Phpbb CVE List

Lucene search

Phpbb GroupPhpbb

19 matches found

CVE•added 2005/05/10 4:0 a.m.•584 views

CVE-2004-1943

PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

7.5CVSS8AI score0.01676EPSS

CVE•added 2005/05/27 4:0 a.m.•52 views

CVE-2003-1216

SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.

7.5CVSS8.4AI score0.02978EPSS

CVE•added 2005/05/16 4:0 a.m.•51 views

CVE-2005-1193

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (...

7.5CVSS7.4AI score0.27107EPSS

CVE•added 2005/05/27 4:0 a.m.•49 views

CVE-2003-1215

SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.

4.6CVSS7.5AI score0.00062EPSS

CVE•added 2005/05/02 4:0 a.m.•47 views

CVE-2005-0614

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.

7.5CVSS6.9AI score0.04491EPSS

CVE•added 2005/05/02 4:0 a.m.•43 views

CVE-2005-0673

Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are ...

4.3CVSS5.8AI score0.00335EPSS

CVE•added 2005/05/10 4:0 a.m.•42 views

CVE-2004-2055

Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.

4.3CVSS6AI score0.00444EPSS

CVE•added 2005/05/02 4:0 a.m.•41 views

CVE-2005-1196

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.

7.5CVSS7.5AI score0.00334EPSS

CVE•added 2005/05/10 4:0 a.m.•39 views

CVE-2004-1950

phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.

5CVSS6.6AI score0.00619EPSS

CVE•added 2005/05/02 4:0 a.m.•38 views

CVE-2005-0871

calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.

5CVSS6.5AI score0.00477EPSS

CVE•added 2005/05/02 4:0 a.m.•38 views

CVE-2005-1115

Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.

4.3CVSS5.8AI score0.00409EPSS

CVE•added 2005/05/02 4:0 a.m.•38 views

CVE-2005-1116

Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.

4.3CVSS5.8AI score0.00297EPSS

CVE•added 2005/05/02 4:0 a.m.•37 views

CVE-2005-1290

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.

4.3CVSS5.8AI score0.00351EPSS

CVE•added 2005/05/02 4:0 a.m.•36 views

CVE-2005-1114

Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.

7.5CVSS8.6AI score0.00743EPSS

CVE•added 2005/05/27 4:0 a.m.•35 views

CVE-2004-2130

Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.

4.3CVSS6.4AI score0.06371EPSS

CVE•added 2005/05/02 4:0 a.m.•35 views

CVE-2005-0659

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.

5CVSS6.2AI score0.00477EPSS

CVE•added 2005/05/10 4:0 a.m.•34 views

CVE-2004-2054

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.

5CVSS6.8AI score0.00563EPSS

CVE•added 2005/05/10 4:0 a.m.•32 views

CVE-2004-1809

Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.

4.3CVSS5.7AI score0.00558EPSS

CVE•added 2005/05/02 4:0 a.m.•30 views

CVE-2005-0872

Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.

4.3CVSS5.8AI score0.01856EPSS