| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-4758 | 4.6 |
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. Succ
|
17-10-2018 - 21:39 | 13-09-2006 - 23:07 | |
| CVE-2008-0471 | 4.3 |
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.
|
15-10-2018 - 22:00 | 29-01-2008 - 20:00 | |
| CVE-2006-6508 | 6.0 |
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtain
|
29-07-2017 - 01:29 | 14-12-2006 - 00:28 | |
| CVE-2006-6839 | 10.0 |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
|
05-09-2008 - 21:15 | 31-12-2006 - 05:00 | |
| CVE-2006-6840 | 10.0 |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
|
05-09-2008 - 21:15 | 31-12-2006 - 05:00 | |
| CVE-2006-6841 | 10.0 |
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
|
05-09-2008 - 21:15 | 31-12-2006 - 05:00 |