Phpbb Group / Phpbb

11 matches found

added 2023/11/02 11:15 a.m. | 77 views

CVE-2023-5917

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be i...

CVSS 6.1 | AI score 4.7 | EPSS 0.00086

added 2006/02/10 11:2 a.m. | 57 views

CVE-2006-0632

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing account...

CVSS 6.4 | AI score 6.4 | EPSS 0.0098

added 2004/11/23 5:0 a.m. | 44 views

CVE-2004-0339

Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.

CVSS 6.8 | AI score 6.5 | EPSS 0.00828

added 2005/03/14 5:0 a.m. | 39 views

CVE-2005-0259

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

CVSS 6.4 | AI score 6.2 | EPSS 0.00539

added 2006/04/20 10:2 a.m. | 39 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not cla...

CVSS 6 | AI score 7 | EPSS 0.01319

added 2006/12/10 11:28 a.m. | 39 views

CVE-2006-6421

Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.

CVSS 6 | AI score 5.3 | EPSS 0.015

added 2004/07/27 4:0 a.m. | 38 views

CVE-2004-0730

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as...

CVSS 6.8 | AI score 5.8 | EPSS 0.01631

added 2006/12/14 12:28 a.m. | 38 views

CVE-2006-6508

Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 6 | AI score 6.2 | EPSS 0.00466

added 2007/10/17 1:0 a.m. | 37 views

CVE-2003-1373

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.

CVSS 6.8 | AI score 7.2 | EPSS 0.00142

added 2003/08/07 4:0 a.m. | 32 views

CVE-2003-0484

Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.

CVSS 6.8 | AI score 6.2 | EPSS 0.00867

added 2006/04/20 10:2 a.m. | 32 views

CVE-2006-1895

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, ...

CVSS 6.5 | AI score 7.5 | EPSS 0.00365