Vendor CVEs
PhpBB
All CVEs
356 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1707 | 0.00 | — | 0.01 | Dec 31, 2002 | install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | |||
| CVE-2002-1894 | 0.00 | — | 0.02 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||
| CVE-2002-0533 | 0.00 | — | 0.02 | Aug 12, 2002 | phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | |||
| CVE-2002-0475 | 0.00 | — | 0.01 | Aug 12, 2002 | Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | |||
| CVE-2002-0473 | 0.00 | — | 0.05 | Aug 12, 2002 | db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. | |||
| CVE-2001-1482 | 0.00 | — | 0.01 | Dec 31, 2001 | SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. |
- CVE-2002-1707Dec 31, 2002risk 0.00cvss —epss 0.01
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
- CVE-2002-1894Dec 31, 2002risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
- CVE-2002-0533Aug 12, 2002risk 0.00cvss —epss 0.02
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
- CVE-2002-0475Aug 12, 2002risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
- CVE-2002-0473Aug 12, 2002risk 0.00cvss —epss 0.05
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
- CVE-2001-1482Dec 31, 2001risk 0.00cvss —epss 0.01
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
Page 8 of 8