Phpbb Group Phpbb vulnerabilities

CVE-2003-1244 [HIGH] CWE-89 CVE-2003-1244: SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.

CVE-2003-1373 [MEDIUM] CWE-22 CVE-2003-1373: Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.

CVE-2003-1215 [MEDIUM] CVE-2003-1215: SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to pe SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.

CVE-2003-1216 [HIGH] CVE-2003-1216: SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to exe SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.

CVE-2003-0486 [MEDIUM] CVE-2003-0486: SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.

CVE-2002-1537 [CRITICAL] CVE-2002-1537: admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly cal admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".

CVE-2002-2176 [CRITICAL] CVE-2002-2176: SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative acces SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.

CVE-2002-1894 [MEDIUM] CVE-2002-1894: Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

CVE-2002-1707 [MEDIUM] CVE-2002-1707: install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.

CVE-2002-0902 [HIGH] CVE-2002-0902: Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javasc Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

CVE-2002-0473 [CRITICAL] CVE-2002-0473: db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.

CVE-2002-0533 [MEDIUM] CVE-2002-0533: phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consum phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

CVE-2002-0475 [MEDIUM] CVE-2002-0475: Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arb Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

CVE-2001-1482 [HIGH] CVE-2001-1482: SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.

CVE-2001-1472 [MEDIUM] CVE-2001-1472: SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.