Minerva
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5781 | Hig | 0.57 | 8.8 | 0.00 | Apr 28, 2026 | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field.… | ||
| CVE-2026-5780 | Hig | 0.53 | 8.1 | 0.00 | Apr 28, 2026 | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authenticated user can access the data of other registered users simply by modifying the… | ||
| CVE-2007-1555 | 0.03 | — | 0.01 | Mar 20, 2007 | SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||
| CVE-2006-5077 | 0.03 | — | 0.03 | Sep 29, 2006 | PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||
| CVE-2006-3028 | 0.03 | — | 0.04 | Jun 15, 2006 | PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
- risk 0.57cvss 8.8epss 0.00
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field.…
- risk 0.53cvss 8.1epss 0.00
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authenticated user can access the data of other registered users simply by modifying the…
- CVE-2007-1555Mar 20, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter.
- CVE-2006-5077Sep 29, 2006risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
- CVE-2006-3028Jun 15, 2006risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.