19 matches found
CVE-2006-0450
CVE-2006-0450 affects phpBB 2.0.19 and earlier. The vulnerability allows remote attackers to cause a denial of service (application crash) by either: (1) registering many users through profile.php, or (2) performing a specially crafted search via search.php that confuses the database. The impact ...
CVE-2005-0603
The CVE-2005-0603 entry concerns phpBB up to version 2.0.12 where the viewtopic.php endpoint mishandles the highlight parameter containing invalid regular expression syntax. This causes a PHP error message that reveals the installation path, constituting a path disclosure vulnerability. Affected ...
CVE-2004-1950
The CVE documents a vulnerability in phpBB 2.0.8a and earlier where the application trusts the IP address provided in the X-Forwarded-For HTTP header. This mis-trust lets remote attackers spoof the user’s apparent IP address. Affected software: phpBB 2.0.8a and older. Root cause: server-side code...
CVE-2005-0258
CVE-2005-0258 is a directory traversal vulnerability in phpBB 2.0.11 (and possibly later versions) affecting the avatar handling paths when Gallery avatars are enabled. The issue resides in the code paths for usercp_avatar.php and usercp_register.php , where remote input can be manipulated with “...
CVE-2005-3537
CVE-2005-3537 affects phpBB 2 before 2.0.18, with a missing input/request validation flaw that enables remote attackers to edit private messages of other users by tampering with parameters or inputs. Public records in multiple feeds (NVD, Debian DSA, Red Hat, OpenVAS listings) confirm the vulnera...
CVE-2005-4358
CVE-2005-4358 affects phpBB 2.0.18. The vulnerability is in admin/admin_disallow.php where a direct request with a non-empty setmodules parameter leads to an invalid append_sid function call that leaks the installation path in an error message. Impact: remote attackers can obtain the path to the ...
CVE-2002-1707
Affected product: phpBB 2.0 (through 2.0.1). The vulnerability arises when both allow_url_fopen and register_globals are on and the attacker can modify the phpbb_root_dir to reference a URL on a remote server, enabling remote code execution. This is a remote, unauthenticated attack with impact de...
CVE-2003-0486
The CVE covers a SQL injection in phpBB's viewtopic.php (topic_id parameter) affecting phpBB 2.0.5 and earlier. The root cause is improper handling of user-supplied topic_id, enabling an attacker to exfiltrate password hashes. Connectivity details in the provided documents indicate risk of remote...
CVE-2004-0729
CVE-2004-0729 affects PhpBB 2.0.8. The vulnerability occurs when users supply invalid input via (1) category_rows to index.php, (2) faq to faq.php, or (3) ranksrow to profile.php, triggering error messages that reveal the full server path. The available documents confirm the component and origin ...
CVE-2006-2134
CVE-2006-2134 describes a PHP remote file inclusion in the Knowledge Base Mod for PHPBB 2.0.2 and earlier. The vulnerability stems from the module_root_path parameter, allowing remote attackers to execute arbitrary PHP code via a crafted URL in that parameter. Affected component is the include fi...
CVE-2005-0659
CVE-2005-0659 affects phpBB 2.0.13 and earlier. A direct request to oracle.php can disclose the installation path via a PHP error message, enabling remote disclosure of sensitive information. This mode provides the vulnerability description, affected software, and the underlying cause (path discl...
CVE-2006-2219
Summary: CVE-2006-2219 affects phpBB 2.0.20 . The issue arises because user-supplied input variable types are not verified before being passed to type-dependent functions, enabling information disclosure via error messages. Demonstrated with the mode parameter to memberlist.php and the highlight ...
CVE-2006-4450
CVE-2006-4450 affects PHPBB 2.0.20 when avatar uploading is enabled: the usercp_avatar.php avatarurl parameter is used to fetch a URL via HTTP GET, enabling an attacker to co-opt the server as a web proxy. The public description specifies the exploit path and impact as a proxy-like use, with CVSS...
CVE-2005-0871
The CVE-2005-0871 entry describes a vulnerability in the Topic Calendar 1.0.1 module for phpBB. When run on Microsoft IIS, remote attackers can obtain sensitive information by supplying invalid parameters, which cause error messages to reveal the server path. The affected component is calendar_sc...
CVE-2006-0438
CVE-2006-0438 is a CSRF vulnerability in phpBB 2.0.19 where enabling Link to off-site Avatar or bbcode (IMG) allows an attacker to perform actions as a logged-in user via a link or image in a profile (e.g., admin/admin_users.php, modcp.php). The NVD entry lists a CVSSv2 base score of 5.0 (Medium)...
CVE-2004-2054
The CVE-2004-2054 issue affects phpBB versions 2.0.4 and 2.0.9, where a CRLF injection enables HTTP Response Splitting to alter server HTML content via the mode parameter in privmsg.php or the redirect parameter in login.php. OpenVAS notes additional context for phpBB
CVE-2005-3799
The CVE-2005-3799 entry concerns phpBB version 2.0.18, where a large SQL query can cause an error message that reveals SQL syntax or the full installation path, enabling information disclosure to remote attackers. Documents consistently describe this as an information-leak through error text gene...
CVE-2002-0533
CVE-2002-0533 affects phpBB 1.4.4 and earlier. The vulnerability lies in how BBCode handling processes [code] tags, allowing remote attackers to trigger CPU-based DoS and corrupt the database by inserting null ASCII 0 characters. The existing records indicate the issue and affected family, but th...
CVE-2002-0475
The CVE-2002-0475 entry describes a cross-site scripting (XSS) vulnerability in phpBB versions 1.4.4 and earlier. The flaw allows remote attackers to cause arbitrary JavaScript execution on a user’s browser by embedding a script inside an IMG tag while editing a message. Affected software is phpB...