Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0437 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. | |||||
| CVE-2005-3420 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. | |||||
| CVE-2006-0632 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.4 MEDIUM | N/A |
| The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | |||||
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2004-2130 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. | |||||
| CVE-2006-2865 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod | |||||
| CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | |||||
| CVE-2002-0475 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | |||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2006-4450 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.1 MEDIUM | N/A |
| usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. | |||||
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | |||||
| CVE-2003-0486 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | |||||
| CVE-2002-0902 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | |||||
| CVE-2003-1216 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | |||||
| CVE-2005-3416 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. | |||||
| CVE-2005-3537 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | |||||
| CVE-2004-1535 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2004-2350 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. | |||||
| CVE-2003-1244 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | |||||