← Back

Myupb

myupb

7 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Ultimate Php Board
ultimate_php_board
4 CVEs
Flat Php Board
flat_php_board
2 CVEs
Upb
upb
1 CVE

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-61540
1Myupb
1Ultimate Php Board
Oct 21, 2025
Oct 16, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.
CVE-2025-61539
1Myupb
1Ultimate Php Board
Oct 21, 2025
Oct 16, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.
CVE-2015-2217
1Myupb
1Ultimate Php Board
May 6, 2026
Mar 10, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar paramet...Show more
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php.Show less
CVE-2008-6727
1Myupb
1Upb
Apr 23, 2026
Apr 20, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2007-6399
1Myupb
1Flat Php Board
Apr 23, 2026
Dec 17, 2007
N/A· v4
N/A· v3
6.5 MEDIUM· v2
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a pro...Show more
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.Show less
CVE-2007-6396
1Myupb
1Flat Php Board
Apr 23, 2026
Dec 17, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering...Show more
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.Show less
CVE-2003-0395
1Myupb
1Ultimate Php Board
Apr 16, 2026
Jul 2, 2003
N/A· v4
N/A· v3
7.5 HIGH· v2
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administra...Show more
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.Show less