Filtered by vendor Phpbb
Subscribe
Total
64 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7143 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 6.8 MEDIUM | N/A |
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header. | |||||
CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632. | |||||
CVE-2008-1565 | 2 Hotscripts, Phpbb | 2 Pjirc, Pjirc Module | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | |||||
CVE-2008-1512 | 1 Phpbb | 1 Module Xs | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6301 | 2 Phpbb, Prezmo | 2 Phpbb, Small Shoutbox | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||||
CVE-2009-3052 | 2 Absoluteanime, Phpbb | 2 Prime Quick Style, Phpbb | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php. | |||||
CVE-2008-6507 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum. | |||||
CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | |||||
CVE-2008-1766 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs." | |||||
CVE-2008-6314 | 1 Phpbb | 2 Phpbb, Tag Board | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||||
CVE-2008-3224 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()." | |||||
CVE-2007-4653 | 1 Phpbb | 1 Phpbb | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action. | |||||
CVE-2006-5390 | 1 Phpbb | 1 Acp User Registration Module | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2006-5309 | 1 Phpbb | 1 Prillian French | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-3935 | 1 Phpbb | 1 Supanav | 2023-12-10 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2006-5312 | 1 Phpbb | 1 Ajax Shoutbox | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2008-1305 | 2 Chieminger, Phpbb | 2 Filebase Module, Phpbb | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-5100 | 1 Phpbb | 1 Phpbb Plus | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009. | |||||
CVE-2007-4984 | 2 Ktauber, Phpbb | 2 Stylesdemo, Phpbb | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||
CVE-2007-2858 | 1 Phpbb | 1 Ip-tracking | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. |