← Back

Phpbb Group

phpbb_group

92 CVEs • 6 products

Products (6)

Click to collapse
Toggle
Phpbb
phpbb
81 CVEs
Phpbb Auction
phpbb-auction
4 CVEs
Phpbb Advanced Guestbook
phpbb_advanced_guestbook
3 CVEs
Phpbb Toplist
phpbb_toplist
2 CVEs
Phpbb Plus
phpbb_plus
1 CVE
Vitrax Premodded Phpbb
vitrax_premodded_phpbb
1 CVE

CVEs (92)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2005-1047
1Phpbb Group
1Phpbb
Apr 16, 2026
Apr 7, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then d...Show more
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.Show less
CVE-2005-0259
1Phpbb Group
1Phpbb
Apr 16, 2026
Mar 14, 2005
N/A· v4
N/A· v3
6.4 MEDIUM· v2
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upl...Show more
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.Show less
CVE-2005-0258
1Phpbb Group
1Phpbb
Apr 16, 2026
Mar 14, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary fil...Show more
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.Show less
CVE-2005-0603
1Phpbb Group
1Phpbb
Apr 16, 2026
Feb 28, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
CVE-2004-2350
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
CVE-2004-2054
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) th...Show more
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.Show less
CVE-2004-1809
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum....Show more
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.Show less
CVE-2004-1535
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote...Show more
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.Show less
CVE-2004-2130
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 23, 2004
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.
CVE-2004-0339
1Phpbb Group
1Phpbb
Apr 16, 2026
Nov 23, 2004
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.
CVE-2004-1315
1Phpbb Group
1Phpbb
Apr 16, 2026
Nov 12, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the h...Show more
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.Show less
CVE-2004-0730
1Phpbb Group
1Phpbb
Apr 16, 2026
Jul 27, 2004
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php a...Show more
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.Show less
CVE-2004-0729
1Phpbb Group
1Phpbb
Apr 16, 2026
Jul 27, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full pat...Show more
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.Show less
CVE-2004-2055
1Phpbb Group
1Phpbb
Apr 16, 2026
Jul 19, 2004
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.
CVE-2004-1950
1Phpbb Group
1Phpbb
Apr 16, 2026
Apr 19, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
CVE-2004-1943
1Phpbb Group
1Phpbb
Apr 16, 2026
Apr 19, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
CVE-2003-1373
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 31, 2003
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as d...Show more
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.Show less
CVE-2003-1244
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 31, 2003
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2003-1215
1Phpbb Group
1Phpbb
Apr 16, 2026
Dec 29, 2003
N/A· v4
N/A· v3
4.6 MEDIUM· v2
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
CVE-2003-1216
1Phpbb Group
1Phpbb
Apr 16, 2026
Nov 27, 2003
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.