24 matches found
CVE-2004-1943
CVE-2004-1943 describes a PHP remote file inclusion in album_portal.php for phpBB modified by Przemo 1.8. The vulnerability allows remote attackers to execute arbitrary PHP code by supplying a crafted phpbb_root_path parameter. The details come from NVD/CVE records; no additional exploit, mitigat...
CVE-2004-1315
Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...
CVE-2003-1216
CVE-2003-1216 affects phpBB 2.0.6 and earlier, due to a SQL injection in the search.php handling of the search_id parameter. The vulnerability can allow remote attackers to execute arbitrary SQL and potentially gain privileges. Public details list the affected component as search.php in phpBB pri...
CVE-2005-2086
Summary of concrete details (CVE-2005-2086) : The phpBB viewtopic.php vulnerability is an arbitrary code execution flaw affecting phpBB 2.0.4 through 2.0.15 (inclusive). The root cause involves improper handling of the highlight parameter in viewtopic.php, enabling PHP code execution on vulnerabl...
CVE-2005-3415
CVE-2005-3415 affects phpBB 2.0.17 and earlier, where remote attackers can bypass protection by setting a GET/POST/COOKIE variable and a GLOBALS[] variable with the same name, causing GLOBALS[] to be unset while the GPC variable remains. This can manipulate phpBB behavior. The OpenVAS and Debian ...
CVE-2004-2350
The CVE-2004-2350 entry pertains to an SQL injection in phpBB’s search.php affecting phpBB 1.0 through 2.0.6 via the search_results parameter. The underlying vulnerability allows remote attackers to execute arbitrary SQL and potentially gain privileges, as described in the fixed-text CVE descript...
CVE-2005-1193
The CVE-2005-1193 vulnerability affects phpBB up to version 2.0.14 (before 2.0.15). The bbencode_second_pass and make_clickable functions in bbcode.php fail to filter BBCode URLs, allowing remote attackers to execute arbitrary script via URL schemes such as javascript:, applet:, about:, activex:,...
CVE-2005-0614
Affected software/component: phpBB (versions
CVE-2005-3416
CVE-2005-3416 affects phpBB up to version 2.0.17 (and earlier) where, if register_globals is enabled and session handling omits a call to session_start, an attacker can bypass security checks by assigning strings to $_SESSION and $HTTP_SESSION_VARS, which causes an array_merge to fail. OpenVAS/De...
CVE-2005-3417
The issue concerns phpBB 2.0.x (2.0.17 and earlier). CVE-2005-3417 is documented as allowing remote attackers to modify global variables and bypass security when certain PHP globals behavior is altered. OpenVAS and Debian/FreeBSD advisories confirm a set of related flaws (CVE-2005-3310, 3415, 341...
CVE-2005-1196
CVE-2005-1196: SQL injection in phpBB Knowledge Base module kb.php via the cat parameter due to improper input sanitization. This allows remote attackers to modify SQL queries and potentially access sensitive data. Affected component is the Knowledge Base module for phpBB; the vulnerability is do...
CVE-2005-3419
CVE-2005-3419 is a SQL injection vulnerability in phpBB2 (phpBB 2.0.x). The Debian advisory DSA-925-1 and OpenVAS entries enumerate that phpBB2 could be affected via the signature_bbcode_uid parameter, enabling remote attackers to execute arbitrary SQL commands. The issue is listed among multiple...
CVE-2004-1535
The CVE-2004-1535 issue affects the Cash Mod for phpBB, where admin_cash.php is vulnerable to remote file inclusion via the phpbb_root_path parameter, allowing an attacker to instruct the server to include PHP code from a remote URL and execute arbitrary code. This results in remote code executio...
CVE-2005-3420
CVE-2005-3420 affects phpBB 2.0.x (notably phpBB 2.0.17) via the signature_bbcode_uid parameter in usercp_register.php, allowing remote attackers to modify regular expressions and execute PHP code. Debian and OpenVAS advisories group this with multiple phpBB vulnerabilities; Debian fixes upgrade ...
CVE-2005-3536
CVE-2005-3536 : SQL injection in phpBB 2 prior to 2.0.18 via the topic type. Multiple connected advisories (Debian DSA-925-1, OpenVAS entries) confirm the vulnerability and suggest patching phpBB2 packages; remediation involves upgrading to the fixed phpBB version per the advisories. The affected...
CVE-2001-1482
CVE-2001-1482 describes an SQL injection in phpBB 1.4.2, triggered via the $sortby parameter in bb_memberlist.php. The vulnerable component is the member list generation logic, where input is not sufficiently sanitized, allowing remote attackers to execute arbitrary SQL queries. The provided docu...
CVE-2006-2865
The CVE-2006-2865 issue concerns phpBB 2 with a remote file inclusion in template.php via the page parameter, enabling an attacker to execute arbitrary PHP code. Concrete details from connected sources confirm the affected software (phpBB 2) and the vulnerable component (template.php) with the ro...
CVE-2005-1114
CVE-2005-1114 affects Photo Album 2.0.53 for phpBB; multiple SQL injection vulnerabilities exist in album_search.php that let remote attackers execute arbitrary SQL via the (1) mode or (2) search parameters. The NVD entry lists a base score of 7.5 (HIGH) with network attack vector and no authenti...
CVE-2006-2360
CVE-2006-2360 is an SQL injection vulnerability in the Chart Mod for phpBB, specifically in charts.php via the id parameter. Affected component is the Chart mod for phpBB; the root cause is improper input handling allowing the execution of arbitrary SQL commands by remote attackers. Documented im...
CVE-2002-0902
CVE-2002-0902 describes a cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2). An attacker can cause script execution in other phpBB users’ browsers by inserting a http:// and a double-quote (") into an IMG tag, bypassing phpBB’s security check, which terminates the src parameter of the IM...
CVE-2005-1047
CVE-2005-1047 concerns a vulnerability in the phpBB 2.0.x up.php file upload mod. The issue is that the upload script does not properly restrict file types, allowing remote authenticated users to upload executable PHP files and subsequently access them from the uploads directory to execute arbitr...
CVE-2006-5209
The CVE-2006-5209 entry describes a PHP remote file inclusion in Admin Topic Action Logging Mod 0.95 and earlier, used with phpBB 2.0 up to 2.0.21. The vulnerability allows remote attackers to execute arbitrary PHP code via a URL supplied to the phpbb_root_path parameter in admin/admin_topic_acti...
CVE-2006-5435
The CVE concerns PHP remote file inclusion in phpBB prior to version 2.0.11, specifically via groupcp.php. Affected software: phpBB 2.0.10 and earlier. Vulnerability: an attacker can supply a URL in the phpbb_root_path parameter, enabling remote code execution because PHP file inclusion occurs wi...
CVE-2003-1244
CVE-2003-1244 affects phpBB 2.0, 2.0.1 and 2.0.2 via a SQL injection in page_header.php triggered by the forum_id parameter to index.php. The underlying issue is improper handling of the forum_id value, enabling an attacker to brute-force user passwords and potentially gain unauthorized access to...