Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php forum vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
Phpbb Group Phpbb 2.0.21
NA
CVE-2006-4467
Simple Machines Forum (SMF) 1.1RCx prior to 1.1RC3, and 1.0.x prior to 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to perform direc...
Simple Machines Simple Machines Forum
NA
CVE-2006-3955
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.
Minibb Minibb 1.5a
1 EDB exploit
NA
CVE-2006-3773
PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote malicious users to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Mambo Smf-forum 1.3.1.3 Bridge Component
1 EDB exploit
NA
CVE-2006-3690
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
Minibb Forum 1.5a
1 EDB exploit
NA
CVE-2006-3555
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion prior to 6.01.3 allow remote malicious users to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, an...
Php Fusion Php Fusion 6.00.102
Php Fusion Php Fusion 6.00.103
Php Fusion Php Fusion 6.00.110
Php Fusion Php Fusion 6.00.200
Php Fusion Php Fusion 6.00.304
Php Fusion Php Fusion 6.00.306
Php Fusion Php Fusion 6.0.105
Php Fusion Php Fusion 6.00.104
Php Fusion Php Fusion 6.00.105
Php Fusion Php Fusion 6.00.204
Php Fusion Php Fusion 6.00.205
Php Fusion Php Fusion 6.00.307
Php Fusion Php Fusion 6.01.2
Php Fusion Php Fusion 6.0.106
Php Fusion Php Fusion 6.0.107
Php Fusion Php Fusion 6.00.106
Php Fusion Php Fusion 6.00.107
Php Fusion Php Fusion 6.00.206
Php Fusion Php Fusion 6.00.207
Php Fusion Php Fusion 6.00.100
Php Fusion Php Fusion 6.00.101
Php Fusion Php Fusion 6.00.108
NA
CVE-2006-3173
Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/...
Content\\*builder Content\\*builder 0.7.5
1 EDB exploit
NA
CVE-2006-1898
Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access to hash passwo...
Ralph Capper Tinyphpforum 3.6
NA
CVE-2006-0076
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the inc parameter.
Oaboard Oaboard 1.0
1 EDB exploit
NA
CVE-2005-4593
PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the root_dir...
Joshua Eichorn Phpdocumentor 1.2.3
Joshua Eichorn Phpdocumentor 1.3 Rc3
Joshua Eichorn Phpdocumentor 1.3 Rc4
Joshua Eichorn Phpdocumentor 1.2
Joshua Eichorn Phpdocumentor 1.2.1
Joshua Eichorn Phpdocumentor 1.2.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »