Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
minibb minibb vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2018-6506
Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.
Minibb Minibb 3.2.2
NA
CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 prior to 20141127 uses an incorrect regular expression, which allows remote malicious users to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Minibb Minibb
1 EDB exploit
NA
CVE-2013-5020
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB prior to 3.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is alread...
Minibb Minibb
1 EDB exploit
NA
CVE-2008-5171
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin pa...
Phpblaster Phpblaster Cms 1.0
1 EDB exploit
NA
CVE-2008-2066
Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote malicious users to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions prior to 3.0.1 are also vulnerable.
Minibb Minibb 2.2a
NA
CVE-2008-2067
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote malicious users to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions prior to 3.0.1 are also vulnerable.
Minibb Minibb 2.2a
NA
CVE-2008-2028
miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote malicious users to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.
Minibb Minibb
1 EDB exploit
NA
CVE-2008-2029
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote malicious users to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
Minibb Minibb
1 EDB exploit
NA
CVE-2008-2024
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote malicious users to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
Minibb Minibb
1 EDB exploit
NA
CVE-2007-5719
SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote malicious users to execute arbitrary SQL commands via the table parameter to index.php.
Minibb Minibb 2.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »