Filtered by vendor Phpbb
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6507 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum. | |||||
| CVE-2009-3052 | 2 Absoluteanime, Phpbb | 2 Prime Quick Style, Phpbb | 2024-02-04 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php. | |||||
| CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | |||||
| CVE-2008-3224 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()." | |||||
| CVE-2008-1512 | 1 Phpbb | 1 Module Xs | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6301 | 2 Phpbb, Prezmo | 2 Phpbb, Small Shoutbox | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||||
| CVE-2008-6314 | 1 Phpbb | 2 Phpbb, Tag Board | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||||
| CVE-2008-1766 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs." | |||||
| CVE-2008-7143 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 6.8 MEDIUM | N/A |
| phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header. | |||||
| CVE-2008-1565 | 2 Hotscripts, Phpbb | 2 Pjirc, Pjirc Module | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | |||||
| CVE-2008-4125 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 5.0 MEDIUM | N/A |
| The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632. | |||||
| CVE-2006-5306 | 1 Phpbb | 1 Journals System Module | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php. | |||||
| CVE-2007-4653 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action. | |||||
| CVE-2006-7168 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-7100 | 1 Phpbb | 1 Insert User | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2008-0471 | 1 Phpbb | 1 Phpbb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. | |||||
| CVE-2006-5390 | 1 Phpbb | 1 Acp User Registration Module | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2858 | 1 Phpbb | 1 Ip-tracking | 2024-02-04 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. | |||||
| CVE-2006-5418 | 1 Phpbb | 1 Searchindexer | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5309 | 1 Phpbb | 1 Prillian French | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||