Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2350 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. | |||||
| CVE-2006-1603 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | |||||
| CVE-2006-0063 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | |||||
| CVE-2005-3418 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. | |||||
| CVE-2006-1895 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. | |||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.4 MEDIUM | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
| CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | |||||
| CVE-2005-3416 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. | |||||
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | |||||
| CVE-2004-1315 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. | |||||
| CVE-2001-1482 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. | |||||
| CVE-2003-0486 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | |||||
| CVE-2004-0339 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. | |||||
| CVE-2005-4358 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | |||||
| CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
| CVE-2005-1193 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. | |||||
| CVE-2006-0632 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.4 MEDIUM | N/A |
| The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | |||||
| CVE-2005-4357 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover. | |||||
| CVE-2005-0872 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||