Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpbb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6506
Unspecified vulnerability in phpBB prior to 3.0.4 allows malicious users to bypass intended access restrictions and activate de-activated accounts via unknown vectors.
Phpbb Phpbb 2.0.3
Phpbb Phpbb 2.01
Phpbb Phpbb 3.0
Phpbb Phpbb 1.0
Phpbb Phpbb 2.0
Phpbb Phpbb 2.0.1
Phpbb Phpbb 3.0.2
Phpbb Phpbb
Phpbb Phpbb 3.0.1
Phpbb Phpbb 2.0.2
Phpbb Phpbb 2.0.22
NA
CVE-2006-5209
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and previous versions, as used in phpBB 2.0 up to 2.0.21, allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Phpbb Group Phpbb 2.0
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.16
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.19
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.17
Phpbb Group Phpbb 2.0.18
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
1 EDB exploit
NA
CVE-2006-0438
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote malicious users to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1)...
Phpbb Group Phpbb 2.0.13
Phpbb Group Phpbb 2.0.14
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.19
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.16
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb 2.0.1
NA
CVE-2006-0450
phpBB 2.0.19 and previous versions allows remote malicious users to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
Phpbb Group Phpbb 2.0.14
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.16
Phpbb Group Phpbb 2.0.17
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.13
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
1 Github repository
NA
CVE-2006-0632
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote malicious users to obtain the key and mo...
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.16
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0.13
Phpbb Group Phpbb 2.0.14
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.17
Phpbb Group Phpbb 2.0.18
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0.11
NA
CVE-2005-0614
sessions.php in phpBB 2.0.12 and previous versions allows remote malicious users to gain administrator privileges via the autologinid value in a cookie.
Phpbb Group Phpbb 1.0.0
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 1.2.0
Phpbb Group Phpbb 1.2.1
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb 1.4.0
Phpbb Group Phpbb 1.4.1
Phpbb Group Phpbb 1.4.2
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.7a
3 EDB exploits
NA
CVE-2004-1315
viewtopic.php in phpBB 2.x prior to 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote malicious users to execute arbitrary PHP code by double-encoding the highlight value so that special characters are insert...
Phpbb Group Phpbb 1.2.0
Phpbb Group Phpbb 1.2.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb
Phpbb Group Phpbb 1.4.2
Phpbb Group Phpbb 1.4.4
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 1.4.0
Phpbb Group Phpbb 1.4.1
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 1.0.0
4 EDB exploits
NA
CVE-2005-3415
phpBB 2.0.17 and previous versions allows remote malicious users to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but n...
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.17
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb 2.0.13
Phpbb Group Phpbb 2.0.14
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
NA
CVE-2005-3416
phpBB 2.0.17 and previous versions, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote malicious users to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arr...
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.16
Phpbb Group Phpbb 2.0.17
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb 2.0.14
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.12
NA
CVE-2005-3417
phpBB 2.0.17 and previous versions, when the register_long_arrays directive is disabled, allows remote malicious users to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.
Phpbb Group Phpbb 2.0.14
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.12
Phpbb Group Phpbb 2.0.13
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.16
Phpbb Group Phpbb 2.0.17
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »