Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpbb phpbb vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-2220
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote malicious users to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the ...
Phpbb Phpbb 2.0.20
4.3
CVSSv2
CVE-2006-2359
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote malicious users to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
Phpbb Group Phpbb
1 EDB exploit
6
CVSSv2
CVE-2006-1896
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original ...
Phpbb Group Phpbb
6.8
CVSSv2
CVE-2003-0484
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote malicious users to insert arbitrary web script via the topic_id parameter.
Phpbb Group Phpbb
4.3
CVSSv2
CVE-2005-1116
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote malicious users to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.
Phpbb Group Phpbb
7.5
CVSSv2
CVE-2006-5435
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is def...
Phpbb Group Phpbb
4.3
CVSSv2
CVE-2002-2255
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote malicious users to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
Phpbb Phpbb 2.0.3
1 EDB exploit
4.3
CVSSv2
CVE-2019-16107
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.
Phpbb Phpbb 3.2.7
5
CVSSv2
CVE-2019-16108
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode.
Phpbb Phpbb 3.2.7
5
CVSSv2
CVE-2008-4125
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote malicious users to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CV...
Phpbb Phpbb 2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »