Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpbb vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-11767
Server side request forgery (SSRF) in phpBB prior to 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.
Phpbb Phpbb
6.8
CVSSv2
CVE-2015-1432
The message_options function in includes/ucp/ucp_pm_options.php in phpBB prior to 3.0.13 does not properly validate the form key, which allows remote malicious users to conduct CSRF attacks and change the full folder setting via unspecified vectors.
Phpbb Phpbb
7.5
CVSSv2
CVE-2007-4653
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and previous versions for phpBB 2.0.22 and previous versions allows remote malicious users to execute arbitrary SQL commands via the start parameter in a search action.
Phpbb Phpbb
1 EDB exploit
5
CVSSv2
CVE-2019-9826
The fulltext search component in phpBB prior to 3.2.6 allows Denial of Service.
Phpbb Phpbb
5
CVSSv2
CVE-2020-8226
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.
Phpbb Phpbb
NA
CVE-2023-5917
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. ...
Phpbb Phpbb
6.8
CVSSv2
CVE-2006-5301
PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and previous versions module for phpBB allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Phpbb Spamblockermod 1.0
Phpbb Spamblockermod 1.0.1
Phpbb Spamblockermod
1 EDB exploit
7.5
CVSSv2
CVE-2006-2360
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpbb Group Phpbb
1 EDB exploit
5
CVSSv2
CVE-2006-2220
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote malicious users to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the ...
Phpbb Phpbb 2.0.20
4.3
CVSSv2
CVE-2002-2255
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote malicious users to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
Phpbb Phpbb 2.0.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »