Myupb Ultimate Php Board vulnerabilities
4 known vulnerabilities affecting myupb/ultimate_php_board.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2003-0395P3HIGHCVSS 7.5PoCv1.92003-07-02
CVE-2003-0395 [HIGH] CWE-94 CVE-2003-0395: Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administ
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
nvd
CVE-2025-61540P3MEDIUMCVSS 6.5v2.2.72025-10-16
CVE-2025-61540 [MEDIUM] CWE-89 CVE-2025-61540: SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.
nvd
CVE-2025-61539P4MEDIUMCVSS 6.1v2.2.72025-10-16
CVE-2025-61539 [MEDIUM] CWE-79 CVE-2025-61539: Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in los
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.
nvd
CVE-2015-2217P4MEDIUMCVSS 4.3v2.2.72015-03-10
CVE-2015-2217 [MEDIUM] CWE-79 CVE-2015-2217: Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 a
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php.
nvd