Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpbb phpbb vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2003-1373
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 up to and including 1.4.4 allows remote malicious users to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in pr...
Phpbb Group Phpbb 1.4.4
Phpbb Group Phpbb 1.4.1
Phpbb Group Phpbb 1.4.2
Phpbb Group Phpbb 1.4.0
10
CVSSv2
CVE-2006-6839
Unspecified vulnerability in phpBB prior to 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
Phpbb Group Phpbb 1.2.4 Rc3
Phpbb Group Phpbb 2.0.18
Phpbb Group Phpbb 2.0.20
Phpbb Group Phpbb 2.0.21
10
CVSSv2
CVE-2006-6841
Certain forms in phpBB prior to 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
Phpbb Group Phpbb 2.0.18
Phpbb Group Phpbb 2.0.21
Phpbb Group Phpbb 1.2.4 Rc3
Phpbb Group Phpbb 2.0.20
7.5
CVSSv2
CVE-2003-1244
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote malicious users to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2005-1113
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) ...
Phpbb Group Phpbb Plus
Phpbb Group Phpbb Plus 1.3
Phpbb Group Phpbb Plus 1.51
7.5
CVSSv2
CVE-2006-3940
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote malicious users to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-123...
Phpbb Group Phpbb-auction 1.3m
Phpbb Group Phpbb-auction 1.0m
Phpbb Group Phpbb-auction 1.2m
2 EDB exploits
6.8
CVSSv2
CVE-2006-2245
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Phpbb Group Phpbb-auction 1.3m
Phpbb Group Phpbb-auction 1.0m
Phpbb Group Phpbb-auction 1.2m
1 EDB exploit
6.8
CVSSv2
CVE-2007-5100
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a prior to 20070922, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album...
Phpbb Phpbb Plus 1.53
Phpbb Phpbb Plus
6.8
CVSSv2
CVE-2004-0730
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote malicious users to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parame...
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.8a
5
CVSSv2
CVE-2004-0729
PhpBB 2.0.8 allows remote malicious users to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.8a
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »