VYPR

UPB

by Ultimate PHP Board

CVEs (4)

  • CVE-2006-3208Jun 24, 2006
    risk 0.00cvss epss 0.01

    Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3)…

  • CVE-2005-2003Jun 16, 2005
    risk 0.00cvss epss 0.01

    Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message.

  • CVE-2005-2005Jun 16, 2005
    risk 0.00cvss epss 0.01

    Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.

  • CVE-2005-1616May 16, 2005
    risk 0.00cvss epss 0.01

    viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.