Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpbb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1116
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote malicious users to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.
Phpbb Group Phpbb
6.5
CVSSv3
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
Phpbb Phpbb 3.2.7
NA
CVE-2008-7143
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote malicious users to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID i...
Phpbb Phpbb 2.0.23
4.3
CVSSv3
CVE-2019-16107
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.
Phpbb Phpbb 3.2.7
4.3
CVSSv3
CVE-2020-5501
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
Phpbb Phpbb 3.2.8
6.5
CVSSv3
CVE-2020-5502
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.
Phpbb Phpbb 3.2.8
NA
CVE-2008-0471
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote malicious users to delete private messages (PM) as arbitrary users via a deleteall action.
Phpbb Phpbb 2.0.22
NA
CVE-2010-1627
feed.php in phpBB 3.0.7 prior to 3.0.7-PL1 does not properly check permissions for feeds, which allows remote malicious users to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.
Phpbb Phpbb 3.0.7
NA
CVE-2008-4125
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote malicious users to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CV...
Phpbb Phpbb 2
NA
CVE-2006-4893
PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
Phpbb Xs Phpbb Xs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »