CVE Tools

phpbb group

Web & CMS PluginsGBoss-project

85

Cumulative CVEs

25

Monthly snapshots

#8

Peak rank

Top products

phpbb advanced guestbook2 phpbb1

Latest CVEs

The 15 most recently published vulnerabilities affecting phpbb group.

CVE-2003-1373Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters ...6.8Oct 17, 2007
CVE-2007-1695PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this...10.0Mar 27, 2007
CVE-2006-7077SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.6.8Feb 27, 2007
CVE-2006-7076Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this iss...4.3Feb 27, 2007
CVE-2006-2219phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by t...5.0Feb 8, 2007
CVE-2006-6841Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.10.0Jan 3, 2007
CVE-2006-6840Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."10.0Jan 3, 2007
CVE-2006-6839Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."10.0Jan 3, 2007
CVE-2006-6508Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance o...6.0Dec 14, 2006
CVE-2006-6421Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Mes...6.0Dec 10, 2006
CVE-2006-5435PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and t...7.5Oct 20, 2006
CVE-2006-5209PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to exe...7.5Oct 9, 2006
CVE-2006-4779PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_...7.5Sep 14, 2006
CVE-2006-4758phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php ...4.6Sep 13, 2006
CVE-2006-4450usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in a...5.1Aug 30, 2006