Ultimate PHP Board
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1821 | 0.00 | — | 0.01 | Dec 31, 2002 | Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php. | |||
| CVE-2002-2276 | 0.00 | — | 0.01 | Dec 31, 2002 | Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||
| CVE-2002-2322 | 0.00 | — | 0.01 | Dec 31, 2002 | Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | |||
| CVE-1999-0854 | 0.00 | — | 0.01 | Nov 1, 1999 | Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file. |
- CVE-2002-1821Dec 31, 2002risk 0.00cvss —epss 0.01
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
- CVE-2002-2276Dec 31, 2002risk 0.00cvss —epss 0.01
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
- CVE-2002-2322Dec 31, 2002risk 0.00cvss —epss 0.01
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
- CVE-1999-0854Nov 1, 1999risk 0.00cvss —epss 0.01
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.
Page 2 of 2