Vulmon
phpbb vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-16993
In phpBB prior to 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator ...
Phpbb Phpbb
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2001-1471
prefs.php in phpBB 1.4.0 and previous versions allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be...
Phpbb Phpbb
1 EDB exploit
7.5
CVSSv3
CVE-2019-16108
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode.
Phpbb Phpbb 3.2.7
7.5
CVSSv3
CVE-2019-9826
The fulltext search component in phpBB prior to 3.2.6 allows Denial of Service.
Phpbb Phpbb
7.5
CVSSv3
CVE-2017-1000419
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing a malicious user to perform port scanning, request internal content and potentially attack such internal services via the web application.
Phpbb Phpbb 3.2.0
7.2
CVSSv3
CVE-2018-19274
Passing an absolute path to a file_exists check in phpBB prior to 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
Phpbb Phpbb
Debian Debian Linux 8.0
6.5
CVSSv3
CVE-2020-5502
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.
Phpbb Phpbb 3.2.8
6.5
CVSSv3
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS.
Phpbb Phpbb 3.2.7
6.1
CVSSv3
CVE-2023-5917
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. ...
Phpbb Phpbb
6.1
CVSSv3
CVE-2011-0544
phpBB 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.
Phpbb Phpbb
Debian Debian Linux 8.0