Filtered by vendor Phpbb Group
Subscriptions
Total
93 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1315 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. | ||||
| CVE-2001-1482 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. | ||||
| CVE-2006-4758 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. | ||||
| CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | ||||
| CVE-2002-1537 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u". | ||||
| CVE-2002-1707 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2002-2176 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | ||||
| CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | ||||
| CVE-2003-1215 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | ||||
| CVE-2003-1244 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | ||||
| CVE-2003-1373 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | ||||
| CVE-2004-1943 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | ||||
| CVE-2004-2350 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. | ||||