Lucene search
K
Phpbb GroupPhpbb

24 matches found

CVE
CVE
added 2005/05/10 4:0 a.m.596 views

CVE-2004-1943

CVE-2004-1943 describes a PHP remote file inclusion in album_portal.php for phpBB modified by Przemo 1.8. The vulnerability allows remote attackers to execute arbitrary PHP code by supplying a crafted phpbb_root_path parameter. The details come from NVD/CVE records; no additional exploit, mitigat...

7.5CVSS8AI score0.02562EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.199 views

CVE-2004-1315

Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...

7.5CVSS7.2AI score0.72096EPSS
Web
CVE
CVE
added 2005/05/27 4:0 a.m.69 views

CVE-2003-1216

CVE-2003-1216 affects phpBB 2.0.6 and earlier, due to a SQL injection in the search.php handling of the search_id parameter. The vulnerability can allow remote attackers to execute arbitrary SQL and potentially gain privileges. Public details list the affected component as search.php in phpBB pri...

7.5CVSS8.4AI score0.01789EPSS
CVE
CVE
added 2005/06/30 4:0 a.m.64 views

CVE-2005-2086

Summary of concrete details (CVE-2005-2086) : The phpBB viewtopic.php vulnerability is an arbitrary code execution flaw affecting phpBB 2.0.4 through 2.0.15 (inclusive). The root cause involves improper handling of the highlight parameter in viewtopic.php, enabling PHP code execution on vulnerabl...

7.5CVSS7.1AI score0.85366EPSS
CVE
CVE
added 2005/11/01 9:0 p.m.64 views

CVE-2005-3415

CVE-2005-3415 affects phpBB 2.0.17 and earlier, where remote attackers can bypass protection by setting a GET/POST/COOKIE variable and a GLOBALS[] variable with the same name, causing GLOBALS[] to be unset while the GPC variable remains. This can manipulate phpBB behavior. The OpenVAS and Debian ...

7.5CVSS6.3AI score0.02367EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.63 views

CVE-2004-2350

The CVE-2004-2350 entry pertains to an SQL injection in phpBB’s search.php affecting phpBB 1.0 through 2.0.6 via the search_results parameter. The underlying vulnerability allows remote attackers to execute arbitrary SQL and potentially gain privileges, as described in the fixed-text CVE descript...

7.5CVSS8.8AI score0.01215EPSS
CVE
CVE
added 2005/05/16 4:0 a.m.62 views

CVE-2005-1193

The CVE-2005-1193 vulnerability affects phpBB up to version 2.0.14 (before 2.0.15). The bbencode_second_pass and make_clickable functions in bbcode.php fail to filter BBCode URLs, allowing remote attackers to execute arbitrary script via URL schemes such as javascript:, applet:, about:, activex:,...

7.5CVSS7.4AI score0.1636EPSS
CVE
CVE
added 2005/03/03 5:0 a.m.61 views

CVE-2005-0614

Affected software/component: phpBB (versions

7.5CVSS6.9AI score0.0755EPSS
CVE
CVE
added 2005/11/01 9:0 p.m.59 views

CVE-2005-3416

CVE-2005-3416 affects phpBB up to version 2.0.17 (and earlier) where, if register_globals is enabled and session handling omits a call to session_start, an attacker can bypass security checks by assigning strings to $_SESSION and $HTTP_SESSION_VARS, which causes an array_merge to fail. OpenVAS/De...

7.5CVSS6.4AI score0.02305EPSS
CVE
CVE
added 2005/11/01 9:0 p.m.59 views

CVE-2005-3417

The issue concerns phpBB 2.0.x (2.0.17 and earlier). CVE-2005-3417 is documented as allowing remote attackers to modify global variables and bypass security when certain PHP globals behavior is altered. OpenVAS and Debian/FreeBSD advisories confirm a set of related flaws (CVE-2005-3310, 3415, 341...

7.5CVSS6.5AI score0.02305EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.57 views

CVE-2005-1196

CVE-2005-1196: SQL injection in phpBB Knowledge Base module kb.php via the cat parameter due to improper input sanitization. This allows remote attackers to modify SQL queries and potentially access sensitive data. Affected component is the Knowledge Base module for phpBB; the vulnerability is do...

7.5CVSS7.5AI score0.0198EPSS
CVE
CVE
added 2005/11/01 9:0 p.m.57 views

CVE-2005-3419

CVE-2005-3419 is a SQL injection vulnerability in phpBB2 (phpBB 2.0.x). The Debian advisory DSA-925-1 and OpenVAS entries enumerate that phpBB2 could be affected via the signature_bbcode_uid parameter, enabling remote attackers to execute arbitrary SQL commands. The issue is listed among multiple...

7.5CVSS8AI score0.01853EPSS
CVE
CVE
added 2005/02/19 5:0 a.m.56 views

CVE-2004-1535

The CVE-2004-1535 issue affects the Cash Mod for phpBB, where admin_cash.php is vulnerable to remote file inclusion via the phpbb_root_path parameter, allowing an attacker to instruct the server to include PHP code from a remote URL and execute arbitrary code. This results in remote code executio...

7.5CVSS7.6AI score0.06327EPSS
CVE
CVE
added 2005/11/01 9:0 p.m.56 views

CVE-2005-3420

CVE-2005-3420 affects phpBB 2.0.x (notably phpBB 2.0.17) via the signature_bbcode_uid parameter in usercp_register.php, allowing remote attackers to modify regular expressions and execute PHP code. Debian and OpenVAS advisories group this with multiple phpBB vulnerabilities; Debian fixes upgrade ...

7.5CVSS6.7AI score0.02367EPSS
CVE
CVE
added 2005/12/22 11:0 p.m.55 views

CVE-2005-3536

CVE-2005-3536 : SQL injection in phpBB 2 prior to 2.0.18 via the topic type. Multiple connected advisories (Debian DSA-925-1, OpenVAS entries) confirm the vulnerability and suggest patching phpBB2 packages; remediation involves upgrading to the fixed phpBB version per the advisories. The affected...

7.5CVSS8AI score0.01271EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.53 views

CVE-2001-1482

CVE-2001-1482 describes an SQL injection in phpBB 1.4.2, triggered via the $sortby parameter in bb_memberlist.php. The vulnerable component is the member list generation logic, where input is not sufficiently sanitized, allowing remote attackers to execute arbitrary SQL queries. The provided docu...

7.5CVSS8.6AI score0.0123EPSS
CVE
CVE
added 2006/06/06 8:3 p.m.53 views

CVE-2006-2865

The CVE-2006-2865 issue concerns phpBB 2 with a remote file inclusion in template.php via the page parameter, enabling an attacker to execute arbitrary PHP code. Concrete details from connected sources confirm the affected software (phpBB 2) and the vulnerable component (template.php) with the ro...

7.5CVSS7.6AI score0.0282EPSS
CVE
CVE
added 2005/04/16 4:0 a.m.49 views

CVE-2005-1114

CVE-2005-1114 affects Photo Album 2.0.53 for phpBB; multiple SQL injection vulnerabilities exist in album_search.php that let remote attackers execute arbitrary SQL via the (1) mode or (2) search parameters. The NVD entry lists a base score of 7.5 (HIGH) with network attack vector and no authenti...

7.5CVSS8.6AI score0.01324EPSS
CVE
CVE
added 2006/05/15 4:0 p.m.49 views

CVE-2006-2360

CVE-2006-2360 is an SQL injection vulnerability in the Chart Mod for phpBB, specifically in charts.php via the id parameter. Affected component is the Chart mod for phpBB; the root cause is improper input handling allowing the execution of arbitrary SQL commands by remote attackers. Documented im...

7.5CVSS8.4AI score0.01123EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.48 views

CVE-2002-0902

CVE-2002-0902 describes a cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2). An attacker can cause script execution in other phpBB users’ browsers by inserting a http:// and a double-quote (") into an IMG tag, bypassing phpBB’s security check, which terminates the src parameter of the IM...

7.5CVSS6.9AI score0.07157EPSS
CVE
CVE
added 2005/04/12 4:0 a.m.48 views

CVE-2005-1047

CVE-2005-1047 concerns a vulnerability in the phpBB 2.0.x up.php file upload mod. The issue is that the upload script does not properly restrict file types, allowing remote authenticated users to upload executable PHP files and subsequently access them from the uploads directory to execute arbitr...

7.5CVSS7.4AI score0.02057EPSS
CVE
CVE
added 2006/10/09 7:0 p.m.47 views

CVE-2006-5209

The CVE-2006-5209 entry describes a PHP remote file inclusion in Admin Topic Action Logging Mod 0.95 and earlier, used with phpBB 2.0 up to 2.0.21. The vulnerability allows remote attackers to execute arbitrary PHP code via a URL supplied to the phpbb_root_path parameter in admin/admin_topic_acti...

7.5CVSS7.9AI score0.02276EPSS
Web
CVE
CVE
added 2006/10/20 11:0 p.m.47 views

CVE-2006-5435

The CVE concerns PHP remote file inclusion in phpBB prior to version 2.0.11, specifically via groupcp.php. Affected software: phpBB 2.0.10 and earlier. Vulnerability: an attacker can supply a URL in the phpbb_root_path parameter, enabling remote code execution because PHP file inclusion occurs wi...

7.5CVSS7.9AI score0.01216EPSS
CVE
CVE
added 2005/11/16 7:37 a.m.43 views

CVE-2003-1244

CVE-2003-1244 affects phpBB 2.0, 2.0.1 and 2.0.2 via a SQL injection in page_header.php triggered by the forum_id parameter to index.php. The underlying issue is improper handling of the forum_id value, enabling an attacker to brute-force user passwords and potentially gain unauthorized access to...

7.5CVSS8.3AI score0.01188EPSS