Phpbb Group

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2003-0486 1Phpbb Group 1Phpbb Apr 16, 2026 Aug 7, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
CVE-2003-0484 1Phpbb Group 1Phpbb Apr 16, 2026 Aug 7, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
CVE-2002-1537 1Phpbb Group 1Phpbb Apr 16, 2026 Mar 31, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
CVE-2002-2176 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
CVE-2002-1894 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
CVE-2002-1707 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to referenc...Show more install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.Show less
CVE-2002-0902 1Phpbb Group 1Phpbb Apr 16, 2026 Oct 4, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's securit...Show more Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.Show less
CVE-2002-0533 1Phpbb Group 1Phpbb Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
CVE-2002-0475 1Phpbb Group 1Phpbb Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
CVE-2002-0473 1Phpbb Group 1Phpbb Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
CVE-2001-1482 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 31, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
CVE-2001-1472 1Phpbb Group 1Phpbb Apr 16, 2026 Aug 3, 2001 N/A· v4 N/A· v3 4.6 MEDIUM· v2 SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

Previous 1 2 3 45