ReportizFlow
Filtered by vendor Phpbb Group
Subscriptions
Filtered by product Phpbb
Subscriptions
Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1775 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. | ||||
| CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | ||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | ||||
| CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | ||||
| CVE-2005-0872 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. | ||||
| CVE-2005-1290 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. | ||||
| CVE-2005-4358 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | ||||
| CVE-2005-2161 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. | ||||
| CVE-2005-3418 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. | ||||
| CVE-2005-3420 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. | ||||
| CVE-2005-3536 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | ||||
| CVE-2006-4450 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. | ||||
| CVE-2005-4357 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover. | ||||
| CVE-2006-0063 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | ||||
| CVE-2005-0603 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. | ||||
| CVE-2003-1373 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | ||||
| CVE-2004-2358 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | ||||
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||