Vulmon
phpbb vulnerabilities and exploits
6.8
CVSSv2
CVE-2008-7143
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote malicious users to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID i...
Phpbb Phpbb 2.0.23
4.3
CVSSv2
CVE-2006-2359
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote malicious users to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
Phpbb Group Phpbb
1 EDB exploit
4.3
CVSSv2
CVE-2002-2255
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote malicious users to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
Phpbb Phpbb 2.0.3
1 EDB exploit
7.5
CVSSv2
CVE-2003-1530
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the mark[] parameter.
Phpbb Phpbb 2.0.3
1 EDB exploit
7.5
CVSSv2
CVE-2006-2360
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpbb Group Phpbb
1 EDB exploit
4.3
CVSSv2
CVE-2019-16107
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.
Phpbb Phpbb 3.2.7
7.5
CVSSv2
CVE-2006-5435
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is def...
Phpbb Group Phpbb
5
CVSSv2
CVE-2003-0486
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and previous versions allows remote malicious users to steal password hashes via the topic_id parameter.
Phpbb Group Phpbb
1 EDB exploit
4.6
CVSSv2
CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
Phpbb Group Phpbb 2.0.21
5
CVSSv2
CVE-2005-3799
phpBB 2.0.18 allows remote malicious users to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
Phpbb Group Phpbb 2.0.18