Phpbb Group

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-2151 1Phpbb Group 1Phpbb Toplist Apr 16, 2026 May 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2006-2150 1Phpbb Group 1Phpbb Toplist Apr 16, 2026 May 3, 2006 N/A· v4 N/A· v3 6.4 MEDIUM· v2 PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
CVE-2006-2134 1Phpbb Group 1Phpbb Apr 16, 2026 May 2, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-1896 1Phpbb Group 1Phpbb Apr 16, 2026 Apr 20, 2006 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibl...Show more Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability.Show less
CVE-2006-1895 1Phpbb Group 1Phpbb Apr 16, 2026 Apr 20, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose "....Show more Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.Show less
CVE-2006-1775 1Phpbb Group 1Phpbb Apr 16, 2026 Apr 13, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Grou...Show more Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.Show less
CVE-2006-1603 1Phpbb Group 1Phpbb Apr 16, 2026 Apr 4, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown;...Show more Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2006-0632 1Phpbb Group 1Phpbb Apr 16, 2026 Feb 10, 2006 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier f...Show more The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.Show less
CVE-2006-0438 1Phpbb Group 1Phpbb Apr 16, 2026 Feb 6, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag...Show more Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.Show less
CVE-2006-0437 1Phpbb Group 1Phpbb Apr 16, 2026 Feb 6, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_e...Show more Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.Show less
CVE-2006-0450 1Phpbb Group 1Phpbb Apr 16, 2026 Jan 27, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the dat...Show more phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.Show less
CVE-2006-0063 1Phpbb Group 1Phpbb Apr 16, 2026 Jan 5, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and...Show more Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.Show less
CVE-2005-3537 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 22, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
CVE-2005-3536 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 22, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.
CVE-2005-4358 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 20, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the...Show more admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.Show less
CVE-2005-4357 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 20, 2005 N/A· v4 N/A· v3 2.6 LOW· v2 Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attribut...Show more Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.Show less
CVE-2005-3799 1Phpbb Group 1Phpbb Apr 16, 2026 Nov 24, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
CVE-2005-3420 1Phpbb Group 1Phpbb Apr 16, 2026 Nov 1, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace stat...Show more usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.Show less
CVE-2005-3419 1Phpbb Group 1Phpbb Apr 16, 2026 Nov 1, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
CVE-2005-3418 1Phpbb Group 1Phpbb Apr 16, 2026 Nov 1, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page param...Show more Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.Show less

Previous 123 4 5 Next