Phpbb Group Phpbb vulnerabilities
75 known vulnerabilities affecting phpbb_group/phpbb.
Total CVEs: 75
CISA KEV: 0
Public exploits: 20
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 22, MEDIUM 44, LOW 2
Vulnerabilities
Page 4 of 4
CVE-2006-1775 | P4 | MEDIUM | CVSS 4.3 | v2.0.19 | 2006-04-13
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title fi
nvd
CVE-2002-1894 | P4 | MEDIUM | CVSS 4.3 | v2.0.3 | 2002-12-31
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
nvd
CVE-2006-1603 | P4 | MEDIUM | CVSS 4.3 | v2.0.19 | 2006-04-04
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2004-2055 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1 +17 more | 2004-07-19
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter.
nvd
CVE-2002-0475 | P4 | MEDIUM | CVSS 5.1 | v1.0.0, v1.2.0 +5 more | 2002-08-12
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary JavaScript on web clients by embedding the script within an IMG image tag while editing a message.
nvd
CVE-2004-0729 | P4 | MEDIUM | CVSS 5.0 | v2.0.8, v2.0.8a | 2004-07-27
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
nvd
CVE-2005-1290 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1 +14 more | 2005-05-02
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
nvd
CVE-2005-4358 | P4 | MEDIUM | CVSS 5.0 | v2.0.18 | 2005-12-20
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
nvd
CVE-2006-2219 | P4 | MEDIUM | CWE-20 | CVSS 5.0 | v2.0.20 | 2007-02-08
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode fu
nvd
CVE-2005-0603 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +19 more | 2005-02-28
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
nvd
CVE-2005-4357 | P4 | LOW | CVSS 2.6 | v2.0.18 | 2005-12-20
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary JavaScript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
nvd
CVE-2005-3799 | P4 | MEDIUM | CVSS 5.0 | v2.0.18 | 2005-11-24
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
nvd
CVE-2005-3310 | P4 | LOW | CVSS 3.5 | v2.0.17 | 2005-10-26
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cros
nvd
CVE-2005-0871 | P4 | MEDIUM | CVSS 5.0 | v1.0.1 | 2005-05-02
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.
nvd
CVE-2005-0659 | P4 | MEDIUM | CVSS 5.0 | v1.0.0, v1.2.0 +28 more | 2005-05-02
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
nvd