| Max CVSS | 10.0 | Min CVSS | 4.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-6421 | 6.0 |
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
|
17-10-2018 - 21:48 | 10-12-2006 - 11:28 | |
| CVE-2006-4758 | 4.6 |
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. Succ
|
17-10-2018 - 21:39 | 13-09-2006 - 23:07 | |
| CVE-2006-6839 | 10.0 |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
|
05-09-2008 - 21:15 | 31-12-2006 - 05:00 | |
| CVE-2006-6840 | 10.0 |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
|
05-09-2008 - 21:15 | 31-12-2006 - 05:00 | |
| CVE-2006-6841 | 10.0 |
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
|
05-09-2008 - 21:15 | 31-12-2006 - 05:00 |