VYPR

phpBB

by PhpBB

CVEs (119)

  • CVE-2007-0762 | Feb 6, 2007
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2006-5209 | Oct 10, 2006
    risk 0.03 | cvss | epss 0.02

    PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2006-5191 | Oct 10, 2006
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

  • CVE-2006-4450 | Aug 30, 2006
    risk 0.03 | cvss | epss 0.04

    usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.

  • CVE-2006-2865 | Jun 6, 2006
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page…

  • CVE-2006-2359 | May 15, 2006
    risk 0.03 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.

  • CVE-2006-2360 | May 15, 2006
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2005-1378 | May 3, 2005
    risk 0.03 | cvss | epss 0.02

    SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors.

  • CVE-2005-1196 | May 2, 2005
    risk 0.03 | cvss | epss 0.02

    SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.

  • CVE-2004-2350 | Dec 31, 2004
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.

  • CVE-2004-1943 | Apr 19, 2004
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

  • CVE-2003-1244 | Dec 31, 2003
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.

  • CVE-2003-1216 | Nov 27, 2003
    risk 0.03 | cvss | epss 0.02

    SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.

  • CVE-2002-2176 | Dec 31, 2002
    risk 0.03 | cvss | epss 0.03

    SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.

  • CVE-2001-1472 | Aug 3, 2001
    risk 0.03 | cvss | epss 0.03

    SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

  • CVE-2004-1315 | Nov 12, 2004
    risk 0.02 | cvss | epss 0.72

    viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into…

  • CVE-2023-5917 | Nov 2, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting.…

  • CVE-2020-8226 | Aug 17, 2020
    risk 0.00 | cvss | epss 0.01

    A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.

  • CVE-2011-0544 | Nov 13, 2019
    risk 0.00 | cvss | epss 0.01

    phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

  • CVE-2015-1432 | Feb 10, 2015
    risk 0.00 | cvss | epss 0.01

    The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.
