Phpbb Group Phpbb vulnerabilities
75 known vulnerabilities affecting phpbb_group/phpbb.
Total CVEs: 75
CISA KEV: 0
Public exploits: 20
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 22, MEDIUM 44, LOW 2
Vulnerabilities
Page 3 of 4
CVE-2002-1707 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +4 more | 2002-12-31
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
nvd
CVE-2003-1373 | P4 | MEDIUM | CVSS 6.8 | CWE-22 | v1.4.0, v1.4.1 +2 more | 2003-12-31
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
nvd
CVE-2005-0259 | P4 | MEDIUM | CVSS 6.4 | v2.0.0, v2.0.1 +19 more | 2005-03-14
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
nvd
CVE-2006-0450 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +27 more | 2006-01-27
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
nvd
CVE-2004-1950 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +11 more | 2004-04-19
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
nvd
CVE-2005-3537 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +25 more | 2005-12-22
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
nvd
CVE-2003-1215 | P4 | MEDIUM | CVSS 4.6 | v1.0.0, v1.2.0 +17 more | 2003-12-29
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
nvd
CVE-2006-6508 | P4 | MEDIUM | CVSS 6.0 | v2.0.21 | 2006-12-14
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2006-0438 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +27 more | 2006-02-06
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.
nvd
CVE-2004-0730 | P4 | MEDIUM | CVSS 6.8 | v2.0.8, v2.0.8a | 2004-07-27
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
nvd
CVE-2006-0437 | P4 | MEDIUM | CVSS 4.3 | v2.0.6c, v2.0.6d +15 more | 2006-02-06
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
nvd
CVE-2005-0673 | P4 | MEDIUM | CVSS 4.3 | v2.0.13 | 2005-05-02
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
nvd
CVE-2004-0339 | P4 | MEDIUM | CVSS 6.8 | v2.0, v2.0.1 +7 more | 2004-11-23
Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.
nvd
CVE-2004-2054 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +17 more | 2004-12-31
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.
nvd
CVE-2005-3418 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1 +25 more | 2005-11-01
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
nvd
CVE-2006-0063 | P4 | MEDIUM | CVSS 4.3 | v2.0.19 | 2006-01-05
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.
nvd
CVE-2002-0533 | P4 | MEDIUM | CVSS 5.0 | v1.0.0, v1.2.0 +5 more | 2002-08-12
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
nvd
CVE-2004-1809 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1 +11 more | 2004-12-31
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.
nvd
CVE-2005-1115 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1 +16 more | 2005-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.
nvd
CVE-2005-2161 | P4 | MEDIUM | CVSS 4.3 | v2.0.16 | 2005-07-06
Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.
nvd