Lucene search
+L
Phpbb GroupPhpbb

19 matches found

CVE
CVE
added 2006/01/27 12:0 a.m.63 views

CVE-2006-0450

CVE-2006-0450 affects phpBB 2.0.19 and earlier. The vulnerability allows remote attackers to cause a denial of service (application crash) by either: (1) registering many users through profile.php, or (2) performing a specially crafted search via search.php that confuses the database. The impact ...

5CVSS6.7AI score0.05089EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.56 views

CVE-2005-0603

The CVE-2005-0603 entry concerns phpBB up to version 2.0.12 where the viewtopic.php endpoint mishandles the highlight parameter containing invalid regular expression syntax. This causes a PHP error message that reveals the installation path, constituting a path disclosure vulnerability. Affected ...

5CVSS6.2AI score0.0432EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.55 views

CVE-2004-1950

The CVE documents a vulnerability in phpBB 2.0.8a and earlier where the application trusts the IP address provided in the X-Forwarded-For HTTP header. This mis-trust lets remote attackers spoof the user’s apparent IP address. Affected software: phpBB 2.0.8a and older. Root cause: server-side code...

5CVSS6.6AI score0.01457EPSS
CVE
CVE
added 2005/02/22 5:0 a.m.55 views

CVE-2005-0258

CVE-2005-0258 is a directory traversal vulnerability in phpBB 2.0.11 (and possibly later versions) affecting the avatar handling paths when Gallery avatars are enabled. The issue resides in the code paths for usercp_avatar.php and usercp_register.php , where remote input can be manipulated with “...

5CVSS6.6AI score0.01831EPSS
CVE
CVE
added 2005/12/22 11:0 p.m.54 views

CVE-2005-3537

CVE-2005-3537 affects phpBB 2 before 2.0.18, with a missing input/request validation flaw that enables remote attackers to edit private messages of other users by tampering with parameters or inputs. Public records in multiple feeds (NVD, Debian DSA, Red Hat, OpenVAS listings) confirm the vulnera...

5CVSS6.3AI score0.01417EPSS
CVE
CVE
added 2005/12/20 1:0 a.m.53 views

CVE-2005-4358

CVE-2005-4358 affects phpBB 2.0.18. The vulnerability is in admin/admin_disallow.php where a direct request with a non-empty setmodules parameter leads to an invalid append_sid function call that leaks the installation path in an error message. Impact: remote attackers can obtain the path to the ...

5CVSS6.5AI score0.02081EPSS
Web
CVE
CVE
added 2005/06/21 4:0 a.m.52 views

CVE-2002-1707

Affected product: phpBB 2.0 (through 2.0.1). The vulnerability arises when both allow_url_fopen and register_globals are on and the attacker can modify the phpbb_root_dir to reference a URL on a remote server, enabling remote code execution. This is a remote, unauthenticated attack with impact de...

5CVSS8AI score0.01372EPSS
CVE
CVE
added 2003/06/28 4:0 a.m.52 views

CVE-2003-0486

The CVE covers a SQL injection in phpBB's viewtopic.php (topic_id parameter) affecting phpBB 2.0.5 and earlier. The root cause is improper handling of user-supplied topic_id, enabling an attacker to exfiltrate password hashes. Connectivity details in the provided documents indicate risk of remote...

5CVSS7.8AI score0.01949EPSS
CVE
CVE
added 2004/07/23 4:0 a.m.52 views

CVE-2004-0729

CVE-2004-0729 affects PhpBB 2.0.8. The vulnerability occurs when users supply invalid input via (1) category_rows to index.php, (2) faq to faq.php, or (3) ranksrow to profile.php, triggering error messages that reveal the full server path. The available documents confirm the component and origin ...

5CVSS6.9AI score0.01425EPSS
CVE
CVE
added 2006/05/02 10:0 a.m.51 views

CVE-2006-2134

CVE-2006-2134 describes a PHP remote file inclusion in the Knowledge Base Mod for PHPBB 2.0.2 and earlier. The vulnerability stems from the module_root_path parameter, allowing remote attackers to execute arbitrary PHP code via a crafted URL in that parameter. Affected component is the include fi...

5.1CVSS7.6AI score0.09499EPSS
Web
CVE
CVE
added 2005/03/07 5:0 a.m.50 views

CVE-2005-0659

CVE-2005-0659 affects phpBB 2.0.13 and earlier. A direct request to oracle.php can disclose the installation path via a PHP error message, enabling remote disclosure of sensitive information. This mode provides the vulnerability description, affected software, and the underlying cause (path discl...

5CVSS6.2AI score0.01548EPSS
CVE
CVE
added 2007/02/08 5:0 p.m.50 views

CVE-2006-2219

Summary: CVE-2006-2219 affects phpBB 2.0.20 . The issue arises because user-supplied input variable types are not verified before being passed to type-dependent functions, enabling information disclosure via error messages. Demonstrated with the mode parameter to memberlist.php and the highlight ...

5CVSS6.5AI score0.01464EPSS
CVE
CVE
added 2006/08/30 1:0 a.m.50 views

CVE-2006-4450

CVE-2006-4450 affects PHPBB 2.0.20 when avatar uploading is enabled: the usercp_avatar.php avatarurl parameter is used to fetch a URL via HTTP GET, enabling an attacker to co-opt the server as a web proxy. The public description specifies the exploit path and impact as a proxy-like use, with CVSS...

5.1CVSS6.7AI score0.04012EPSS
CVE
CVE
added 2005/03/26 5:0 a.m.49 views

CVE-2005-0871

The CVE-2005-0871 entry describes a vulnerability in the Topic Calendar 1.0.1 module for phpBB. When run on Microsoft IIS, remote attackers can obtain sensitive information by supplying invalid parameters, which cause error messages to reveal the server path. The affected component is calendar_sc...

5CVSS6.5AI score0.01548EPSS
CVE
CVE
added 2006/02/06 10:0 p.m.49 views

CVE-2006-0438

CVE-2006-0438 is a CSRF vulnerability in phpBB 2.0.19 where enabling Link to off-site Avatar or bbcode (IMG) allows an attacker to perform actions as a logged-in user via a link or image in a profile (e.g., admin/admin_users.php, modcp.php). The NVD entry lists a CVSSv2 base score of 5.0 (Medium)...

5CVSS6.8AI score0.02485EPSS
Web
CVE
CVE
added 2005/05/10 4:0 a.m.48 views

CVE-2004-2054

The CVE-2004-2054 issue affects phpBB versions 2.0.4 and 2.0.9, where a CRLF injection enables HTTP Response Splitting to alter server HTML content via the mode parameter in privmsg.php or the redirect parameter in login.php. OpenVAS notes additional context for phpBB

5CVSS6.8AI score0.02223EPSS
CVE
CVE
added 2005/11/24 11:0 a.m.48 views

CVE-2005-3799

The CVE-2005-3799 entry concerns phpBB version 2.0.18, where a large SQL query can cause an error message that reveals SQL syntax or the full installation path, enabling information disclosure to remote attackers. Documents consistently describe this as an information-leak through error text gene...

5CVSS6.7AI score0.01573EPSS
CVE
CVE
added 2002/06/11 4:0 a.m.47 views

CVE-2002-0533

CVE-2002-0533 affects phpBB 1.4.4 and earlier. The vulnerability lies in how BBCode handling processes [code] tags, allowing remote attackers to trigger CPU-based DoS and corrupt the database by inserting null ASCII 0 characters. The existing records indicate the issue and affected family, but th...

5CVSS7AI score0.01797EPSS
CVE
CVE
added 2002/06/11 4:0 a.m.45 views

CVE-2002-0475

The CVE-2002-0475 entry describes a cross-site scripting (XSS) vulnerability in phpBB versions 1.4.4 and earlier. The flaw allows remote attackers to cause arbitrary JavaScript execution on a user’s browser by embedding a script inside an IMG tag while editing a message. Affected software is phpB...

5.1CVSS7.3AI score0.01329EPSS