Vulnerabilities related to phpbb_group - phpbb
CVE-2001-1482 (GCVE-0-2001-1482)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7253 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/219178 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/3411 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-bbmemberlist-modify-sql(7253)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7253" }, { "name": "20011008 phpBB 1.4.2, Remote user is able to modify SQL query.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/219178" }, { "name": "3411", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3411" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-10-07T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-bbmemberlist-modify-sql(7253)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7253" }, { "name": "20011008 phpBB 1.4.2, Remote user is able to modify SQL query.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/219178" }, { "name": "3411", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3411" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-bbmemberlist-modify-sql(7253)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7253" }, { "name": "20011008 phpBB 1.4.2, Remote user is able to modify SQL query.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/219178" }, { "name": "3411", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3411" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1482", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T04:58:11.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3310 (GCVE-0-2005-3310)
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15170 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22837 | vdb-entry, x_refsource_XF |
| http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0479.html | mailing-list, x_refsource_FULLDISC |
| http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/17295/ | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=113017003617987&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15170" }, { "name": "phpbb-avatar-bypass-security(22837)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22837" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0479.html" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" }, { "name": "17295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17295/" }, { "name": "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113017003617987\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, 
enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "15170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15170" }, { "name": "phpbb-avatar-bypass-security(22837)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22837" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0479.html" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" }, { "name": "17295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17295/" }, { "name": "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113017003617987\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3310", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": 
"4.0", "description": { "description_data": [ { "lang": "eng", "value": "Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15170" }, { "name": "phpbb-avatar-bypass-security(22837)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22837" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0479.html" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" }, { "name": "17295", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17295/" }, { "name": "20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113017003617987\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3310", "datePublished": "2005-10-25T04:00:00", "dateReserved": "2005-10-26T00:00:00", "dateUpdated": "2024-08-07T23:10:08.402Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3537 (GCVE-0-2005-3537)
Vulnerability from cvelistv5
Published
2005-12-22 23:00
Modified
2024-09-17 03:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15246 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.113Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15246", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15246" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A \"missing request validation\" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-12-22T23:00:00Z", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "15246", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15246" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2005-3537", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A \"missing request validation\" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15246", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15246" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-3537", "datePublished": "2005-12-22T23:00:00Z", "dateReserved": "2005-11-16T00:00:00Z", "dateUpdated": "2024-09-17T03:17:49.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1196 (GCVE-0-2005-1196)
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111384185116335&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050418 phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111384185116335\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050418 phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111384185116335\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050418 phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111384185116335\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1196", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2024-08-07T21:44:05.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0603 (GCVE-0-2005-0603)
Vulnerability from cvelistv5
Published
2005-03-01 05:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
References
| URL | Tags |
|---|---|
| http://www.phpbb.com/phpBB/viewtopic.php?t=267563 | x_refsource_CONFIRM |
| http://neossecurity.net/Advisories/Advisory-06.txt | x_refsource_MISC |
| http://secunia.com/advisories/14413 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=110943646112950&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neossecurity.net/Advisories/Advisory-06.txt" }, { "name": "14413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14413" }, { "name": "20050225 -==phpBB 2.0.12 Full path disclosure==-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110943646112950\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neossecurity.net/Advisories/Advisory-06.txt" }, { "name": "14413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14413" }, { "name": "20050225 -==phpBB 2.0.12 Full path disclosure==-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110943646112950\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "name": "http://neossecurity.net/Advisories/Advisory-06.txt", "refsource": "MISC", "url": "http://neossecurity.net/Advisories/Advisory-06.txt" }, { "name": "14413", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14413" }, { "name": "20050225 -==phpBB 2.0.12 Full path disclosure==-", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110943646112950\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0603", "datePublished": "2005-03-01T05:00:00", "dateReserved": "2005-03-01T00:00:00", "dateUpdated": "2024-08-07T21:21:06.388Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1216 (GCVE-0-2003-1216)
Vulnerability from cvelistv5
Published
2005-05-27 04:00
Modified
2024-08-08 02:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
References
| URL | Tags |
|---|---|
| http://www.phpbb.com/phpBB/viewtopic.php?t=153818 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13867 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=107196735102970&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/9122 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=107005608726609&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=106997132425576&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:19:45.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818" }, { "name": "phpbb-searchphp-sql-injection(13867)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867" }, { "name": "20031220 phpBB v2.06 search_id sql injection exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107196735102970\u0026w=2" }, { "name": "9122", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9122" }, { "name": "20031128 [Hat-Squad] phpBB search_id injection exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107005608726609\u0026w=2" }, { "name": "20031127 phpBB 2.06 search.php SQL injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106997132425576\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818" }, { "name": "phpbb-searchphp-sql-injection(13867)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867" }, { "name": "20031220 phpBB v2.06 search_id sql injection exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107196735102970\u0026w=2" }, { "name": "9122", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9122" }, { "name": "20031128 [Hat-Squad] phpBB search_id injection exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107005608726609\u0026w=2" }, { "name": "20031127 phpBB 2.06 search.php SQL injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106997132425576\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1216", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818" }, { "name": "phpbb-searchphp-sql-injection(13867)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867" }, { "name": "20031220 phpBB v2.06 search_id sql injection exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107196735102970\u0026w=2" }, { "name": "9122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9122" }, { "name": "20031128 [Hat-Squad] phpBB search_id injection exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107005608726609\u0026w=2" }, { "name": "20031127 phpBB 2.06 search.php SQL injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106997132425576\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1216", "datePublished": "2005-05-27T04:00:00", "dateReserved": "2005-05-27T00:00:00", "dateUpdated": "2024-08-08T02:19:45.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0339 (GCVE-0-2004-0339)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15348 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/9765 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=107799508130700&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:14.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-viewtopicphp-xss(15348)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348" }, { "name": "9765", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9765" }, { "name": "20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107799508130700\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-viewtopicphp-xss(15348)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348" }, { "name": "9765", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9765" }, { "name": "20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107799508130700\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-viewtopicphp-xss(15348)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348" }, { "name": "9765", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9765" }, { "name": "20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107799508130700\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0339", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-03-17T00:00:00", "dateUpdated": "2024-08-08T00:17:14.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1115 (GCVE-0-2005-1115)
Vulnerability from cvelistv5
Published
2005-04-16 04:00
Modified
2024-08-07 21:35
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/13157 | vdb-entry, x_refsource_BID | |
http://www.digitalparadox.org/advisories/phpbbp.txt | x_refsource_MISC | |
http://marc.info/?l=bugtraq&m=111343406309969&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/13158 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "13157", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13157" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "name": "13158", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "13157", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13157" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "name": "13158", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "13157", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13157" }, { "name": "http://www.digitalparadox.org/advisories/phpbbp.txt", "refsource": "MISC", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "name": "13158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13158" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1115", "datePublished": "2005-04-16T04:00:00", "dateReserved": "2005-04-16T00:00:00", "dateUpdated": "2024-08-07T21:35:59.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3417 (GCVE-0-2005-3417)
Vulnerability from cvelistv5
Published
2005-11-01 21:00
Modified
2024-08-07 23:10
CWE
- n/a
Summary
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.
References
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/20414 | vdb-entry, x_refsource_OSVDB | |
http://marc.info/?l=bugtraq&m=113081113317600&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/17366 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/130 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA | |
http://www.hardened-php.net/advisory_172005.75.html | x_refsource_MISC | |
http://securitytracker.com/id?1015121 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/15243 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20414", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20414" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20414", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20414" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security 
mechanisms because PHP does not define the associated HTTP_* variables." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20414", "refsource": "OSVDB", "url": "http://www.osvdb.org/20414" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17366" }, { "name": "130", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" }, { "name": "http://www.hardened-php.net/advisory_172005.75.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15243" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3417", "datePublished": "2005-11-01T21:00:00", "dateReserved": "2005-11-01T00:00:00", "dateUpdated": "2024-08-07T23:10:08.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2219 (GCVE-0-2006-2219)
Vulnerability from cvelistv5
Published
2007-02-08 17:00
Modified
2024-08-07 17:43
CWE
- n/a
Summary
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/26306 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=114695651425026&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=full-disclosure&m=114685931319903&w=2 | mailing-list, x_refsource_FULLDISC | |
http://securityreason.com/securityalert/837 | third-party-advisory, x_refsource_SREASON | |
http://marc.info/?l=bugtraq&m=114731067321710&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:28.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-multiple-path-disclosure(26306)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306" }, { "name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2" }, { "name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2" }, { "name": "837", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/837" }, { "name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-multiple-path-disclosure(26306)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306" }, { "name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2" }, { "name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2" }, { "name": "837", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/837" }, { "name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in 
the resulting error message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-multiple-path-disclosure(26306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306" }, { "name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2" }, { "name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2" }, { "name": "837", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/837" }, { "name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2219", "datePublished": "2007-02-08T17:00:00", "dateReserved": "2006-05-05T00:00:00", "dateUpdated": "2024-08-07T17:43:28.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3415 (GCVE-0-2005-3415)
Vulnerability from cvelistv5
Published
2005-11-01 21:00
Modified
2024-08-07 23:10
CWE
- n/a
Summary
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/22914 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=113081113317600&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/20386 | vdb-entry, x_refsource_OSVDB | |
http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/17366 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/130 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA | |
http://www.hardened-php.net/advisory_172005.75.html | x_refsource_MISC | |
http://securitytracker.com/id?1015121 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/15243 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-multiple-variables-bypass-security(22914)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22914" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "20386", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20386" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms 
that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-multiple-variables-bypass-security(22914)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22914" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "20386", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20386" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", 
"version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-multiple-variables-bypass-security(22914)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22914" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "20386", "refsource": "OSVDB", "url": "http://www.osvdb.org/20386" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17366" }, { "name": "130", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" }, { "name": "http://www.hardened-php.net/advisory_172005.75.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15243" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3415", "datePublished": "2005-11-01T21:00:00", "dateReserved": "2005-11-01T00:00:00", 
"dateUpdated": "2024-08-07T23:10:08.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0871 (GCVE-0-2005-0871)
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-08-07 21:28
CWE
- n/a
Summary
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/19824 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=111168190630576&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/14659 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1013554 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:28:28.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "topic-calendar-path-disclosure(19824)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19824" }, { "name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "name": "14659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14659" }, { "name": "1013554", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013554" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "topic-calendar-path-disclosure(19824)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19824" }, { "name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "name": "14659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14659" }, { "name": "1013554", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013554" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0871", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "topic-calendar-path-disclosure(19824)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19824" }, { "name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "name": "14659", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14659" }, { "name": "1013554", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013554" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0871", "datePublished": "2005-03-26T05:00:00", "dateReserved": "2005-03-26T00:00:00", "dateUpdated": "2024-08-07T21:28:28.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0673 (GCVE-0-2005-0673)
Vulnerability from cvelistv5
Published
2005-03-07 05:00
Modified
2024-08-07 21:21
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
References
▼ | URL | Tags |
---|---|---|
http://securitytracker.com/id?1013362 | vdb-entry, x_refsource_SECTRACK | |
http://neosecurityteam.tk/index.php?pagina=advisories&id=8 | x_refsource_MISC | |
http://secunia.com/advisories/14475 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1013362", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013362" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=8" }, { "name": "14475", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14475" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-05-25T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1013362", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013362" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=8" }, { "name": "14475", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14475" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1013362", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013362" }, { "name": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=8", "refsource": "MISC", "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=8" }, { "name": "14475", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14475" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0673", "datePublished": "2005-03-07T05:00:00", "dateReserved": "2005-03-07T00:00:00", "dateUpdated": "2024-08-07T21:21:06.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2054 (GCVE-0-2004-2054)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
CWE
- n/a
Summary
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.
References
URL | Tags |
---|---|
http://marc.info/?l=bugtraq&m=109034476122723&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/10753 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16759 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/12114 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040720 PhpBB HTTP Response Splitting \u0026 Cross Site Scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "name": "10753", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10753" }, { "name": "phpbb-search-response-splitting(16759)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16759" }, { "name": "12114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-20T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040720 PhpBB HTTP Response Splitting \u0026 Cross Site Scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "name": "10753", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10753" }, { "name": "phpbb-search-response-splitting(16759)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16759" }, { "name": "12114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2054", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040720 PhpBB HTTP Response Splitting \u0026 Cross Site Scripting vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "name": "10753", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10753" }, { "name": "phpbb-search-response-splitting(16759)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16759" }, { "name": "12114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12114" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2054", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1244 (GCVE-0-2003-1244)
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
CWE
- n/a
Summary
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/6888 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.iss.net/security_center/static/11376.php | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:19:46.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6888", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6888" }, { "name": "20030220 phpBB Security Bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "name": "phpbb-pageheader-sql-injection(11376)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11376.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-10-18T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6888", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6888" }, { "name": "20030220 phpBB Security Bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "name": "phpbb-pageheader-sql-injection(11376)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11376.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6888", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6888" }, { "name": "20030220 phpBB Security Bugs", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "name": "phpbb-pageheader-sql-injection(11376)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11376.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1244", "datePublished": "2005-11-16T07:37:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-08T02:19:46.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2358 (GCVE-0-2004-2358)
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/15579 | vdb-entry, x_refsource_XF | |
http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/9896 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-adminwords-xss(15579)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15579" }, { "name": "20040322 [waraxe-2004-SA#009 - Non-critical Sql injection and XSS bug in PhpBB 2.0.6c]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html" }, { "name": "9896", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9896" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-adminwords-xss(15579)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15579" }, { "name": "20040322 [waraxe-2004-SA#009 - Non-critical Sql injection and XSS bug in PhpBB 2.0.6c]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html" }, { "name": "9896", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9896" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-adminwords-xss(15579)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15579" }, { "name": "20040322 [waraxe-2004-SA#009 - Non-critical Sql injection and XSS bug in PhpBB 2.0.6c]", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html" }, { "name": "9896", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9896" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2358", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2350 (GCVE-0-2004-2350)
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
CWE
- n/a
Summary
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/9883 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/357442 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15475 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "9883", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9883" }, { "name": "20040314 [SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/357442" }, { "name": "phpbb-config-sql-injection(15475)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15475" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "9883", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9883" }, { "name": "20040314 [SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/357442" }, { "name": "phpbb-config-sql-injection(15475)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15475" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "9883", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9883" }, { "name": "20040314 [SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/357442" }, { "name": "phpbb-config-sql-injection(15475)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15475" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2350", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5435 (GCVE-0-2006-5435)
Vulnerability from cvelistv5
Published
2006-10-20 23:00
Modified
2024-08-07 19:48
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use.
References
URL | Tags |
---|---|
http://www.securityfocus.com/archive/1/449114/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/449232/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:48:30.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded" }, { "name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. 
NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded" }, { "name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded" }, { "name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5435", "datePublished": "2006-10-20T23:00:00", "dateReserved": "2006-10-20T00:00:00", "dateUpdated": "2024-08-07T19:48:30.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3420 (GCVE-0-2005-3420)
Vulnerability from cvelistv5
Published
2005-11-01 21:00
Modified
2024-08-07 23:10
CWE
- n/a
Summary
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
References
URL | Tags |
---|---|
http://www.vupen.com/english/advisories/2005/2250 | vdb-entry, x_refsource_VUPEN | |
http://marc.info/?l=bugtraq&m=113081113317600&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/17366 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/130 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA | |
http://www.hardened-php.net/advisory_172005.75.html | x_refsource_MISC | |
http://www.osvdb.org/20391 | vdb-entry, x_refsource_OSVDB | |
http://securitytracker.com/id?1015121 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/15243 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2005-2250", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "20391", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20391" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the 
signature_bbcode_uid parameter, as demonstrated by injecting an \"e\" modifier into a preg_replace statement." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2005-2250", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "20391", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20391" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an \"e\" modifier into a preg_replace statement." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2005-2250", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17366" }, { "name": "130", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" }, { "name": "http://www.hardened-php.net/advisory_172005.75.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "20391", "refsource": "OSVDB", "url": "http://www.osvdb.org/20391" }, { "name": "1015121", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15243" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3420", "datePublished": "2005-11-01T21:00:00", "dateReserved": "2005-11-01T00:00:00", "dateUpdated": "2024-08-07T23:10:08.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2865 (GCVE-0-2006-2865)
Vulnerability from cvelistv5
Published
2006-06-06 20:03
Modified
2024-08-07 18:06
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod.
References
URL | Tags |
---|---|
http://www.securityfocus.com/archive/1/435995/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/435869/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/18255 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/436118/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/435978/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.206Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060605 Re: phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435995/100/0/threaded" }, { "name": "20060603 phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435869/100/0/threaded" }, { "name": "18255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18255" }, { "name": "20060606 Re: phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/436118/100/0/threaded" }, { "name": "20060604 RE: phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435978/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-03T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. 
It is possible that this is a site-specific vulnerability, or an issue in a mod" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060605 Re: phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435995/100/0/threaded" }, { "name": "20060603 phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435869/100/0/threaded" }, { "name": "18255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18255" }, { "name": "20060606 Re: phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/436118/100/0/threaded" }, { "name": "20060604 RE: phpBB2 (template.php) Remote File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435978/100/0/threaded" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. 
It is possible that this is a site-specific vulnerability, or an issue in a mod." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060605 Re: phpBB2 (template.php) Remote File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435995/100/0/threaded" }, { "name": "20060603 phpBB2 (template.php) Remote File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435869/100/0/threaded" }, { "name": "18255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18255" }, { "name": "20060606 Re: phpBB2 (template.php) Remote File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436118/100/0/threaded" }, { "name": "20060604 RE: phpBB2 (template.php) Remote File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435978/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2865", "datePublished": "2006-06-06T20:03:00", "dateReserved": "2006-06-06T00:00:00", "dateUpdated": "2024-08-07T18:06:27.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0872 (GCVE-0-2005-0872)
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-08-07 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/19821 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=111168190630576&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/14659 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1013554 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:28:28.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "topic-calendar-start-xss(19821)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19821" }, { "name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "name": "14659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14659" }, { "name": "1013554", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013554" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "topic-calendar-start-xss(19821)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19821" }, { "name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "name": "14659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14659" }, { "name": "1013554", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013554" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0872", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "topic-calendar-start-xss(19821)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19821" }, { "name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "name": "14659", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14659" }, { "name": "1013554", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013554" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0872", "datePublished": "2005-03-26T05:00:00", "dateReserved": "2005-03-26T00:00:00", "dateUpdated": "2024-08-07T21:28:28.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1896 (GCVE-0-2006-1896)
Vulnerability from cvelistv5
Published
2006-04-20 10:00
Modified
2024-08-07 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/431015/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2006/dsa-1066 | vendor-advisory, x_refsource_DEBIAN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25889 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/431387/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/715 | third-party-advisory, x_refsource_SREASON | |
http://securityreason.com/securityalert/762 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/20093 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/20197 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:29.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060414 phpBB Admin command execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431015/100/0/threaded" }, { "name": "DSA-1066", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1066" }, { "name": "phpbb-admin-code-execution(25889)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25889" }, { "name": "20060418 Re: phpBB Admin command execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431387/100/0/threaded" }, { "name": "715", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/715" }, { "name": "762", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/762" }, { "name": "20093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20093" }, { "name": "20197", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. 
NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060414 phpBB Admin command execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431015/100/0/threaded" }, { "name": "DSA-1066", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1066" }, { "name": "phpbb-admin-code-execution(25889)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25889" }, { "name": "20060418 Re: phpBB Admin command execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431387/100/0/threaded" }, { "name": "715", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/715" }, { "name": "762", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/762" }, { "name": "20093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20093" }, { "name": "20197", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20197" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1896", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060414 phpBB Admin command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431015/100/0/threaded" }, { "name": "DSA-1066", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1066" }, { "name": "phpbb-admin-code-execution(25889)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25889" }, { "name": "20060418 Re: phpBB Admin command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431387/100/0/threaded" }, { "name": "715", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/715" }, { "name": "762", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/762" }, { "name": "20093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20093" }, { "name": "20197", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20197" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1896", "datePublished": "2006-04-20T10:00:00", "dateReserved": "2006-04-20T00:00:00", "dateUpdated": "2024-08-07T17:27:29.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0438 (GCVE-0-2006-0438)
Vulnerability from cvelistv5
Published
2006-02-06 22:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) is enabled, allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.
References
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/22929 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2006/0445 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/18693 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html | mailing-list, x_refsource_FULLDISC | |
http://securityreason.com/achievement_securityalert/31 | third-party-advisory, x_refsource_SREASONRES | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24497 | vdb-entry, x_refsource_XF | |
http://securityreason.com/securityalert/406 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.801Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22929", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22929" }, { "name": "ADV-2006-0445", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "name": "18693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18693" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/31" }, { "name": "phpbb-referer-header-http-xss(24497)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "name": "406", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/406" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22929", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22929" }, { "name": "ADV-2006-0445", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "name": "18693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18693" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/31" }, { "name": "phpbb-referer-header-http-xss(24497)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "name": "406", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/406" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link 
or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22929", "refsource": "OSVDB", "url": "http://www.osvdb.org/22929" }, { "name": "ADV-2006-0445", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "name": "18693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18693" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/31" }, { "name": "phpbb-referer-header-http-xss(24497)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "name": "406", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/406" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0438", "datePublished": "2006-02-06T22:00:00", "dateReserved": "2006-01-26T00:00:00", "dateUpdated": "2024-08-07T16:34:14.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1116 (GCVE-0-2005-1116)
Vulnerability from cvelistv5
Published
2005-04-16 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.
References
▼ | URL | Tags |
---|---|---|
http://www.digitalparadox.org/advisories/phpbbp.txt | x_refsource_MISC | |
http://marc.info/?l=bugtraq&m=111343406309969&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ 
{ "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.digitalparadox.org/advisories/phpbbp.txt", "refsource": "MISC", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1116", "datePublished": "2005-04-16T04:00:00", "dateReserved": "2005-04-16T00:00:00", "dateUpdated": "2024-08-07T21:35:59.961Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1695 (GCVE-0-2007-1695)
Vulnerability from cvelistv5
Published
2007-03-27 01:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: third-party researchers have disputed this issue, stating that the file checks for a global constant and cannot be accessed directly.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/463817/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/463718/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:06:26.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded" }, { "name": "20070324 Remote File Include In phpBB-2.0.19", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. 
NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded" }, { "name": "20070324 Remote File Include In phpBB-2.0.19", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1695", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded" }, { "name": "20070324 Remote File Include In phpBB-2.0.19", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1695", "datePublished": "2007-03-27T01:00:00", "dateReserved": "2007-03-26T00:00:00", "dateUpdated": "2024-08-07T13:06:26.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1215 (GCVE-0-2003-1215)
Vulnerability from cvelistv5
Published
2005-05-27 04:00
Modified
2024-08-08 02:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=107273069130885&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/9314 | vdb-entry, x_refsource_BID | |
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/14096 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:19:45.787Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20031229 SQL Injection in phpBB\u0027s groupcp.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107273069130885\u0026w=2" }, { "name": "9314", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9314" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" }, { "name": "phpbb-groupcp-sql-injection(14096)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20031229 SQL Injection in phpBB\u0027s groupcp.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107273069130885\u0026w=2" }, { "name": "9314", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9314" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" }, { "name": "phpbb-groupcp-sql-injection(14096)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14096" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1215", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20031229 SQL Injection in phpBB\u0027s groupcp.php", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107273069130885\u0026w=2" }, { "name": "9314", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9314" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" }, { "name": "phpbb-groupcp-sql-injection(14096)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14096" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1215", "datePublished": "2005-05-27T04:00:00", "dateReserved": "2005-05-27T00:00:00", "dateUpdated": "2024-08-08T02:19:45.787Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6421 (GCVE-0-2006-6421)
Vulnerability from cvelistv5
Published
2006-12-10 11:00
Modified
2024-08-07 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/30776 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/456579/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/456728/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/22001 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/bid/21806 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/456784/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/453774/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/23283 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/2005 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-privmsgphp-xss(30776)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776" }, { "name": "20070111 phpBB (privmsg.php) XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "20070111 Re: phpBB (privmsg.php) XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded" }, { "name": "22001", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22001" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "20070112 Re: phpBB (privmsg.php) XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded" }, { "name": "20061207 phpbb 2.0.x [xss]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded" }, { "name": "23283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23283" }, { "name": "2005", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2005" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2006-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-privmsgphp-xss(30776)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776" }, { "name": "20070111 phpBB (privmsg.php) XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "20070111 Re: phpBB (privmsg.php) XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded" }, { "name": "22001", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22001" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "20070112 Re: phpBB (privmsg.php) XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded" }, { "name": "20061207 phpbb 2.0.x [xss]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded" }, { "name": "23283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23283" }, { "name": "2005", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": 
"http://securityreason.com/securityalert/2005" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-privmsgphp-xss(30776)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776" }, { "name": "20070111 phpBB (privmsg.php) XSS Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "20070111 Re: phpBB (privmsg.php) XSS Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded" }, { "name": "22001", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22001" }, { "name": "21806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21806" }, { "name": "20070112 Re: phpBB (privmsg.php) XSS Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded" }, { "name": "20061207 phpbb 2.0.x [xss]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded" }, { "name": "23283", 
"refsource": "SECUNIA", "url": "http://secunia.com/advisories/23283" }, { "name": "2005", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2005" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6421", "datePublished": "2006-12-10T11:00:00", "dateReserved": "2006-12-09T00:00:00", "dateUpdated": "2024-08-07T20:26:46.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1603 (GCVE-0-2006-1603)
Vulnerability from cvelistv5
Published
2006-04-04 10:00
Modified
2024-08-07 17:19
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2006/1191 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/17355 | vdb-entry, x_refsource_BID | |
http://osvdb.org/ref/24/24353-phpbb.txt | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25599 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/24353 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/19494 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1191" }, { "name": "17355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17355" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "name": "phpbb-profile-script-xss(25599)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25599" }, { "name": "24353", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24353" }, { "name": "19494", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19494" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-1191", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1191" }, { "name": "17355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17355" }, { "tags": [ "x_refsource_MISC" ], "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "name": "phpbb-profile-script-xss(25599)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25599" }, { "name": "24353", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24353" }, { "name": "19494", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19494" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-1191", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1191" }, { "name": "17355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17355" }, { "name": "http://osvdb.org/ref/24/24353-phpbb.txt", "refsource": "MISC", "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "name": "phpbb-profile-script-xss(25599)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25599" }, { "name": "24353", "refsource": "OSVDB", "url": "http://www.osvdb.org/24353" }, { "name": "19494", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19494" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1603", "datePublished": "2006-04-04T10:00:00", "dateReserved": "2006-04-03T00:00:00", "dateUpdated": "2024-08-07T17:19:49.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1472 (GCVE-0-2001-1472)
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
CWE
- n/a
Summary
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/201715 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/3142 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944 | vdb-entry, x_refsource_XF | |
http://www.kb.cert.org/vuls/id/314347 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010803 phpBB 1.4.0 bug leads to easy admin privileges", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/201715" }, { "name": "3142", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3142" }, { "name": "phpbb-admin-access(6944)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6944" }, { "name": "VU#314347", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/314347" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010803 phpBB 1.4.0 bug leads to easy admin privileges", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/201715" }, { "name": "3142", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3142" }, { "name": "phpbb-admin-access(6944)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6944" }, { "name": "VU#314347", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/314347" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010803 phpBB 1.4.0 bug leads to easy admin privileges", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/201715" }, { "name": "3142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3142" }, { "name": "phpbb-admin-access(6944)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6944" }, { "name": "VU#314347", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/314347" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1472", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2024-08-08T04:58:11.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1895 (GCVE-0-2006-1895)
Vulnerability from cvelistv5
Published
2006-04-20 10:00
Modified
2024-08-07 17:27
CWE
- n/a
Summary
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/431017/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/17573 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/769 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25888 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:29.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060414 phpBB template file code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431017/100/0/threaded" }, { "name": "17573", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17573" }, { "name": "769", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/769" }, { "name": "phpbb-template-code-execution(25888)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose \".*\" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060414 phpBB template file code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431017/100/0/threaded" }, { "name": "17573", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17573" }, { "name": "769", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/769" }, { "name": "phpbb-template-code-execution(25888)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1895", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose \".*\" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060414 phpBB template file code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431017/100/0/threaded" }, { "name": "17573", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17573" }, { "name": "769", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/769" }, { "name": "phpbb-template-code-execution(25888)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1895", "datePublished": "2006-04-20T10:00:00", "dateReserved": "2006-04-20T00:00:00", "dateUpdated": "2024-08-07T17:27:29.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0486 (GCVE-0-2003-0486)
Vulnerability from cvelistv5
Published
2003-06-28 04:00
Modified
2024-08-08 01:58
CWE
- n/a
Summary
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/7979 | vdb-entry, x_refsource_BID | |
http://www.phpbb.com/phpBB/viewtopic.php?t=112052 | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=105607263130644&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/12366 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "7979", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/7979" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=112052" }, { "name": "20030619 phpBB password disclosure by sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105607263130644\u0026w=2" }, { "name": "phpbb-viewtopic-sql-injection(12366)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12366" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "7979", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/7979" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=112052" }, { "name": "20030619 phpBB password disclosure by sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105607263130644\u0026w=2" }, { "name": "phpbb-viewtopic-sql-injection(12366)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12366" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "7979", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7979" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=112052", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=112052" }, { "name": "20030619 phpBB password disclosure by sql injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105607263130644\u0026w=2" }, { "name": "phpbb-viewtopic-sql-injection(12366)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12366" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0486", "datePublished": "2003-06-28T04:00:00", "dateReserved": "2003-06-27T00:00:00", "dateUpdated": "2024-08-08T01:58:11.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1809 (GCVE-0-2004-1809)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.
References
URL | Tags | |
---|---|---|
http://www.phpbb.com/support/documents.php?mode=changelog#206 | x_refsource_CONFIRM | |
http://www.osvdb.org/4259 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/4257 | vdb-entry, x_refsource_OSVDB | |
http://marc.info/?l=bugtraq&m=107920498205324&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/11121 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15464 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/9865 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/bid/9866 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:48.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog#206" }, { "name": "4259", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4259" }, { "name": "4257", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4257" }, { "name": "20040313 phpBB 2.0.6d \u0026\u0026 Earlier Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107920498205324\u0026w=2" }, { "name": "11121", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11121" }, { "name": "phpbb-viewforum-viewtopic-xss(15464)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15464" }, { "name": "9865", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9865" }, { "name": "9866", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9866" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog#206" }, { "name": "4259", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4259" }, { "name": "4257", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4257" }, { "name": "20040313 phpBB 2.0.6d \u0026\u0026 Earlier Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107920498205324\u0026w=2" }, { "name": "11121", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11121" }, { "name": "phpbb-viewforum-viewtopic-xss(15464)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15464" }, { "name": "9865", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9865" }, { "name": "9866", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9866" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpbb.com/support/documents.php?mode=changelog#206", "refsource": "CONFIRM", "url": "http://www.phpbb.com/support/documents.php?mode=changelog#206" }, { "name": "4259", "refsource": "OSVDB", "url": "http://www.osvdb.org/4259" }, { "name": "4257", "refsource": "OSVDB", "url": "http://www.osvdb.org/4257" }, { "name": "20040313 phpBB 2.0.6d \u0026\u0026 Earlier Security Issues", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107920498205324\u0026w=2" }, { "name": "11121", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11121" }, { "name": "phpbb-viewforum-viewtopic-xss(15464)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15464" }, { "name": "9865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9865" }, { "name": "9866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9866" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1809", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:48.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0473 (GCVE-0-2002-0473)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
References
▼ | URL | Tags |
---|---|---|
http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483 | x_refsource_MISC | |
http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.iss.net/security_center/static/8476.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/4380 | vdb-entry, x_refsource_BID | |
http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip | x_refsource_CONFIRM | |
http://www.osvdb.org/4268 | vdb-entry, x_refsource_OSVDB | |
http://online.securityfocus.com/archive/82/262600 | mailing-list, x_refsource_VULN-DEV | |
http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:49:28.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483" }, { "name": "20020318 phpBB2 remote execution command", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html" }, { "name": "phpbb-db-command-execution(8476)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8476.php" }, { "name": "4380", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4380" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip" }, { "name": "4268", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4268" }, { "name": "20020318 phpBB2 remote execution command", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://online.securityfocus.com/archive/82/262600" }, { "name": "20020318 Re: phpBB2 remote execution command (fwd)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-09-15T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483" }, { "name": "20020318 phpBB2 remote execution command", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html" }, { "name": "phpbb-db-command-execution(8476)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8476.php" }, { "name": "4380", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4380" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip" }, { "name": "4268", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4268" }, { "name": "20020318 phpBB2 remote execution command", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://online.securityfocus.com/archive/82/262600" }, { "name": "20020318 Re: phpBB2 remote execution command (fwd)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483", "refsource": "MISC", "url": "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483" }, { "name": "20020318 phpBB2 remote execution command", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html" }, { "name": "phpbb-db-command-execution(8476)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8476.php" }, { "name": "4380", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4380" }, { "name": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip", "refsource": "CONFIRM", "url": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip" }, { "name": "4268", "refsource": "OSVDB", "url": "http://www.osvdb.org/4268" }, { "name": "20020318 phpBB2 remote execution command", "refsource": "VULN-DEV", "url": "http://online.securityfocus.com/archive/82/262600" }, { "name": "20020318 Re: phpBB2 remote execution command (fwd)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0473", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2024-08-08T02:49:28.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0632 (GCVE-0-2006-0632)
Vulnerability from cvelistv5
Published
2006-02-10 11:00
Modified
2024-08-07 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/424074/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.r-security.net/tutorials/view/readtutorial.php?id=4 | x_refsource_MISC | |
http://secunia.com/advisories/18727 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/0461 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24573 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/22949 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060205 Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424074/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" }, { "name": "18727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18727" }, { "name": "ADV-2006-0461", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0461" }, { "name": "phpbb-weak-rnd(24573)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24573" }, { "name": "22949", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key (\"validation ID\") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060205 Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424074/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" }, { "name": "18727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18727" }, { "name": "ADV-2006-0461", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0461" }, { "name": "phpbb-weak-rnd(24573)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24573" }, { "name": "22949", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22949" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0632", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key (\"validation ID\") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060205 Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424074/100/0/threaded" }, { "name": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4", "refsource": "MISC", "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" }, { "name": "18727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18727" }, { "name": "ADV-2006-0461", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0461" }, { "name": "phpbb-weak-rnd(24573)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24573" }, { "name": "22949", "refsource": "OSVDB", "url": "http://www.osvdb.org/22949" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0632", "datePublished": "2006-02-10T11:00:00", "dateReserved": "2006-02-10T00:00:00", "dateUpdated": "2024-08-07T16:41:28.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4758 (GCVE-0-2006-4758)
Vulnerability from cvelistv5
Published
2006-09-13 23:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/20347 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/445788/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120 | x_refsource_CONFIRM | |
http://secunia.com/advisories/28871 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28884 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/21806 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2008/dsa-1488 | vendor-advisory, x_refsource_DEBIAN | |
http://www.security.nnov.ru/Odocument221.html | x_refsource_MISC | |
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 | x_refsource_MISC | |
http://secunia.com/advisories/22188 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20347", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20347" }, { "name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28871" }, { "name": "phpbb-nullbyte-file-upload(28884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1488" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.security.nnov.ru/Odocument221.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "22188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22188" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative 
users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20347", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20347" }, { "name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28871" }, { "name": "phpbb-nullbyte-file-upload(28884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1488" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.security.nnov.ru/Odocument221.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "22188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22188" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4758", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20347", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20347" }, { "name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120" }, { "name": "28871", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28871" }, { "name": "phpbb-nullbyte-file-upload(28884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884" }, { "name": "21806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "name": "http://www.security.nnov.ru/Odocument221.html", "refsource": "MISC", "url": "http://www.security.nnov.ru/Odocument221.html" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624", "refsource": "MISC", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "22188", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22188" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4758", "datePublished": "2006-09-13T23:00:00", "dateReserved": "2006-09-13T00:00:00", 
"dateUpdated": "2024-08-07T19:23:41.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1373 (GCVE-0-2003-1373)
Vulnerability from cvelistv5
Published
2007-10-17 01:00
Modified
2024-08-08 02:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/6889 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/11407 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:03.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6889", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6889" }, { "name": "20030220 phpBB Security Bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "name": "phpbb-auth-read-files(11407)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6889", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6889" }, { "name": "20030220 phpBB Security Bugs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "name": "phpbb-auth-read-files(11407)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6889" }, { "name": "20030220 phpBB Security Bugs", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "name": "phpbb-auth-read-files(11407)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1373", "datePublished": "2007-10-17T01:00:00", "dateReserved": "2007-10-16T00:00:00", "dateUpdated": "2024-08-08T02:28:03.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4357 (GCVE-0-2005-4357)
Vulnerability from cvelistv5
Published
2005-12-20 01:00
Modified
2024-08-07 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary JavaScript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=full-disclosure&m=113484567432679&w=2 | mailing-list, x_refsource_FULLDISC | |
http://www.vupen.com/english/advisories/2005/2991 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/18252 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/420537/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/18125 | third-party-advisory, x_refsource_SECUNIA | |
http://www.phpbb.com/phpBB/viewtopic.php?t=352966 | x_refsource_CONFIRM | |
http://securityreason.com/securityalert/269 | x_refsource_MISC | |
http://www.osvdb.org/21803 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/achievement_securityalert/29 | third-party-advisory, x_refsource_SREASONRES | |
http://www.vupen.com/english/advisories/2006/0010 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:04.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "name": "ADV-2005-2991", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "name": "18252", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18252" }, { "name": "20051230 phpbb2.0.19 fixes security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "name": "18125", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=352966" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://securityreason.com/securityalert/269" }, { "name": "21803", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21803" }, { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/29" }, { "name": "ADV-2006-0010", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site 
scripting (XSS) vulnerability in phpBB 2.0.18, when \"Allowed HTML tags\" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with \" (quote) characters and active attributes such as onmouseover." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "name": "ADV-2005-2991", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "name": "18252", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18252" }, { "name": "20051230 phpbb2.0.19 fixes security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "name": "18125", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=352966" }, { "tags": [ "x_refsource_MISC" ], "url": "http://securityreason.com/securityalert/269" }, { "name": "21803", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21803" }, { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/29" }, { "name": "ADV-2006-0010", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4357", "STATE": "PUBLIC" }, 
"affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when \"Allowed HTML tags\" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with \" (quote) characters and active attributes such as onmouseover." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "name": "ADV-2005-2991", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "name": "18252", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18252" }, { "name": "20051230 phpbb2.0.19 fixes security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "name": "18125", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18125" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=352966", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=352966" }, { "name": "http://securityreason.com/securityalert/269", "refsource": "MISC", "url": "http://securityreason.com/securityalert/269" }, { "name": "21803", "refsource": "OSVDB", "url": "http://www.osvdb.org/21803" }, { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/29" }, { "name": "ADV-2006-0010", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0010" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4357", "datePublished": "2005-12-20T01:00:00", "dateReserved": "2005-12-20T00:00:00", "dateUpdated": "2024-08-07T23:46:04.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2055 (GCVE-0-2004-2055)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=109034476122723&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/10753 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16758 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/12114 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040720 PhpBB HTTP Response Splitting \u0026 Cross Site Scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "name": "10753", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10753" }, { "name": "phpbb-search-searchauthor-xss(16758)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16758" }, { "name": "12114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040720 PhpBB HTTP Response Splitting \u0026 Cross Site Scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "name": "10753", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10753" }, { "name": "phpbb-search-searchauthor-xss(16758)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16758" }, { "name": "12114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2055", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040720 PhpBB HTTP Response Splitting \u0026 Cross Site Scripting vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "name": "10753", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10753" }, { "name": "phpbb-search-searchauthor-xss(16758)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16758" }, { "name": "12114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12114" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2055", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1775 (GCVE-0-2006-1775)
Vulnerability from cvelistv5
Published
2006-04-13 10:00
Modified
2024-09-16 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/ref/24/24353-phpbb.txt | x_refsource_MISC | |
http://www.osvdb.org/24354 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/24357 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/24355 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/24356 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:28.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "name": "24354", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24354" }, { "name": "24357", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24357" }, { "name": "24355", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24355" }, { "name": "24356", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-04-13T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "name": "24354", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24354" }, { "name": "24357", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24357" }, { "name": "24355", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24355" }, { "name": "24356", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24356" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://osvdb.org/ref/24/24353-phpbb.txt", "refsource": "MISC", "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "name": "24354", "refsource": "OSVDB", "url": "http://www.osvdb.org/24354" }, { "name": "24357", "refsource": "OSVDB", "url": "http://www.osvdb.org/24357" }, { "name": "24355", "refsource": "OSVDB", "url": "http://www.osvdb.org/24355" }, { "name": "24356", "refsource": "OSVDB", "url": "http://www.osvdb.org/24356" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1775", "datePublished": "2006-04-13T10:00:00Z", "dateReserved": "2006-04-13T00:00:00Z", "dateUpdated": "2024-09-16T23:42:21.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0063 (GCVE-0-2006-0063)
Vulnerability from cvelistv5
Published
2006-01-05 19:00
Modified
2024-08-07 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2006/0051 | vdb-entry, x_refsource_VUPEN | |
http://www.osvdb.org/22672 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/313 | third-party-advisory, x_refsource_SREASON | |
http://securityreason.com/achievement_securityalert/30 | third-party-advisory, x_refsource_SREASONRES |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0051", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0051" }, { "name": "22672", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22672" }, { "name": "313", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/313" }, { "name": "20060105 phpBB 2.0.19 XSS", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when \"Allowed HTML tags\" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with \u0027 (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-03T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0051", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0051" }, { "name": "22672", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22672" }, { "name": "313", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/313" }, { "name": "20060105 phpBB 2.0.19 XSS", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/30" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0063", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when \"Allowed HTML tags\" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with \u0027 (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0051", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0051" }, { "name": "22672", "refsource": "OSVDB", "url": "http://www.osvdb.org/22672" }, { "name": "313", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/313" }, { "name": "20060105 phpBB 2.0.19 XSS", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/30" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0063", "datePublished": "2006-01-05T19:00:00", "dateReserved": "2006-01-03T00:00:00", "dateUpdated": "2024-08-07T16:18:20.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1535 (GCVE-0-2004-1535)
Vulnerability from cvelistv5
Published
2005-02-19 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/18151 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=110075903308817&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=bugtraq&m=110082153702843&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:24.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-admincashphp-file-include(18151)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18151" }, { "name": "20041118 Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110075903308817\u0026w=2" }, { "name": "20041118 Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110082153702843\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-admincashphp-file-include(18151)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18151" }, { "name": "20041118 Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110075903308817\u0026w=2" }, { "name": "20041118 Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110082153702843\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1535", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-admincashphp-file-include(18151)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18151" }, { "name": "20041118 Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110075903308817\u0026w=2" }, { "name": "20041118 Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110082153702843\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1535", "datePublished": "2005-02-19T05:00:00", "dateReserved": "2005-02-18T00:00:00", "dateUpdated": "2024-08-08T00:53:24.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0902 (GCVE-0-2002-0902)
Vulnerability from cvelistv5
Published
2002-08-31 04:00
Modified
2024-08-08 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/4858 | vdb-entry, x_refsource_BID | |
http://online.securityfocus.com/archive/1/274273 | mailing-list, x_refsource_BUGTRAQ | |
http://www.iss.net/security_center/static/9178.php | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:49.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4858" }, { "name": "20020526 Cross Site Scripting Vulnerability in phpBB2\u0027s [IMG] tag and remote avatar", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/274273" }, { "name": "phpbb-bbcode-image-css(9178)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9178.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (\") in the [IMG] tag, which bypasses phpBB\u0027s security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-09-10T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4858" }, { "name": "20020526 Cross Site Scripting Vulnerability in phpBB2\u0027s [IMG] tag and remote avatar", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/274273" }, { "name": "phpbb-bbcode-image-css(9178)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9178.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0902", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (\") in the [IMG] tag, which bypasses phpBB\u0027s security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4858", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4858" }, { "name": "20020526 Cross Site Scripting Vulnerability in phpBB2\u0027s [IMG] tag and remote avatar", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/274273" }, { "name": "phpbb-bbcode-image-css(9178)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9178.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0902", "datePublished": "2002-08-31T04:00:00", "dateReserved": "2002-08-16T00:00:00", "dateUpdated": "2024-08-08T03:03:49.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2130 (GCVE-0-2004-2130)
Vulnerability from cvelistv5
Published
2005-05-27 04:00
Modified
2024-08-08 01:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=107530946123822&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/9290 | vdb-entry, x_refsource_BID | |
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040128 phpBB privmsg.php XSS vulnerability patch.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107530946123822\u0026w=2" }, { "name": "9290", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9290" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040128 phpBB privmsg.php XSS vulnerability patch.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107530946123822\u0026w=2" }, { "name": "9290", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9290" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2130", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040128 phpBB privmsg.php XSS vulnerability patch.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107530946123822\u0026w=2" }, { "name": "9290", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9290" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2130", "datePublished": "2005-05-27T04:00:00", "dateReserved": "2005-05-27T00:00:00", "dateUpdated": "2024-08-08T01:15:01.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0258 (GCVE-0-2005-0258)
Vulnerability from cvelistv5
Published
2005-02-22 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.phpbb.com/support/documents.php?mode=changelog | x_refsource_CONFIRM | |
http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:25.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200503-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "name": "20050222 phpBB Group phpBB2 Arbitrary File Unlink Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=205\u0026type=vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via \"/../\" sequences in the avatarselect parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-03-30T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200503-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "name": "20050222 phpBB Group phpBB2 Arbitrary File Unlink Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=205\u0026type=vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0258", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via \"/../\" sequences in the avatarselect parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200503-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "name": "http://www.phpbb.com/support/documents.php?mode=changelog", "refsource": "CONFIRM", "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "name": "20050222 phpBB Group phpBB2 Arbitrary File Unlink Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=205\u0026type=vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0258", "datePublished": "2005-02-22T05:00:00", "dateReserved": "2005-02-09T00:00:00", "dateUpdated": "2024-08-07T21:05:25.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4358 (GCVE-0-2005-4358)
Vulnerability from cvelistv5
Published
2005-12-20 01:00
Modified
2024-08-07 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=full-disclosure&m=113484567432679&w=2 | mailing-list, x_refsource_FULLDISC | |
http://www.vupen.com/english/advisories/2005/2991 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/18252 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/420537/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/18125 | third-party-advisory, x_refsource_SECUNIA | |
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=352966 | x_refsource_CONFIRM | |
http://securityreason.com/achievement_securityalert/29 | third-party-advisory, x_refsource_SREASONRES | |
http://securityreason.com/securityalert/269 | third-party-advisory, x_refsource_SREASON | |
http://www.vupen.com/english/advisories/2006/0010 | vdb-entry, x_refsource_VUPEN | |
http://www.osvdb.org/21804 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:04.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "name": "ADV-2005-2991", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "name": "18252", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18252" }, { "name": "20051230 phpbb2.0.19 fixes security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "name": "18125", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=352966" }, { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/29" }, { "name": "269", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/269" }, { "name": "ADV-2006-0010", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0010" }, { "name": "21804", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-16T00:00:00", 
"descriptions": [ { "lang": "en", "value": "admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "name": "ADV-2005-2991", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "name": "18252", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18252" }, { "name": "20051230 phpbb2.0.19 fixes security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "name": "18125", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=352966" }, { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/29" }, { "name": "269", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/269" }, { "name": "ADV-2006-0010", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0010" }, { "name": "21804", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21804" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "name": "ADV-2005-2991", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "name": "18252", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18252" }, { "name": "20051230 phpbb2.0.19 fixes security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "name": "18125", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18125" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=352966", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=352966" }, { "name": "20051217 phpBB 2.0.18 XSS and Full Path Disclosure", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/29" }, { "name": "269", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/269" }, { "name": "ADV-2006-0010", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0010" }, { "name": 
"21804", "refsource": "OSVDB", "url": "http://www.osvdb.org/21804" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4358", "datePublished": "2005-12-20T01:00:00", "dateReserved": "2005-12-20T00:00:00", "dateUpdated": "2024-08-07T23:46:04.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4450 (GCVE-0-2006-4450)
Vulnerability from cvelistv5
Published
2006-08-30 01:00
Modified
2024-08-07 19:14
CWE
- n/a
Summary
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
References
URL | Tags | |
---|---|---|
http://securityreason.com/securityalert/1470 | third-party-advisory, x_refsource_SREASON | |
http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26537 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/17965 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/20093 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:46.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1470", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1470" }, { "name": "20060512 PHPBB 2.0.20 persistent issues with avatars", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html" }, { "name": "phpbb-avatar-security-bypass(26537)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26537" }, { "name": "17965", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17965" }, { "name": "20093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20093" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1470", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1470" }, { "name": "20060512 PHPBB 2.0.20 persistent issues with avatars", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html" }, { "name": "phpbb-avatar-security-bypass(26537)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26537" }, { "name": "17965", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17965" }, { "name": "20093", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20093" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1470", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1470" }, { "name": "20060512 PHPBB 2.0.20 persistent issues with avatars", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html" }, { "name": "phpbb-avatar-security-bypass(26537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26537" }, { "name": "17965", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17965" }, { "name": "20093", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20093" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4450", "datePublished": "2006-08-30T01:00:00", "dateReserved": "2006-08-29T00:00:00", "dateUpdated": "2024-08-07T19:14:46.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3419 (GCVE-0-2005-3419)
Vulnerability from cvelistv5
Published
2005-11-01 21:00
Modified
2024-08-07 23:10
CWE
- n/a
Summary
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2005/2250 | vdb-entry, x_refsource_VUPEN | |
http://marc.info/?l=bugtraq&m=113081113317600&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN | |
http://www.osvdb.org/20390 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/17366 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/130 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA | |
http://www.hardened-php.net/advisory_172005.75.html | x_refsource_MISC | |
http://securitytracker.com/id?1015121 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/15243 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2005-2250", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "20390", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20390" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands 
via the signature_bbcode_uid parameter, which is not properly initialized." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2005-2250", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "20390", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20390" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2005-2250", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "20390", "refsource": "OSVDB", "url": "http://www.osvdb.org/20390" }, { "name": "17366", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17366" }, { "name": "130", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" }, { "name": "http://www.hardened-php.net/advisory_172005.75.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15243" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3419", "datePublished": "2005-11-01T21:00:00", "dateReserved": "2005-11-01T00:00:00", "dateUpdated": "2024-08-07T23:10:08.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1950 (GCVE-0-2004-1950)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
CWE
- n/a
Summary
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/11434 | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?l=bugtraq&m=108239864203144&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15909 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/10170 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=108241122908409&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11434" }, { "name": "20040419 phpBB 2.0.8a and lower - IP spoofing vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108239864203144\u0026w=2" }, { "name": "phbb-common-ip-spoofing(15909)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15909" }, { "name": "10170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10170" }, { "name": "20040419 Re: phpBB 2.0.8a and lower - IP spoofing vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108241122908409\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11434" }, { "name": "20040419 phpBB 2.0.8a and lower - IP spoofing vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108239864203144\u0026w=2" }, { "name": "phbb-common-ip-spoofing(15909)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15909" }, { "name": "10170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10170" }, { "name": "20040419 Re: phpBB 2.0.8a and lower - IP spoofing vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108241122908409\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11434", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11434" }, { "name": "20040419 phpBB 2.0.8a and lower - IP spoofing vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108239864203144\u0026w=2" }, { "name": "phbb-common-ip-spoofing(15909)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15909" }, { "name": "10170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10170" }, { "name": "20040419 Re: phpBB 2.0.8a and lower - IP spoofing vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108241122908409\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1950", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2161 (GCVE-0-2005-2161)
Vulnerability from cvelistv5
Published
2005-07-06 04:00
Modified
2024-08-07 22:15
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=112059951605939&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2005/dsa-768 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securitylab.ru/55612.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:37.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050705 XSS in nested tag in phpbb 2.0.16", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112059951605939\u0026w=2" }, { "name": "DSA-768", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-768" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securitylab.ru/55612.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050705 XSS in nested tag in phpbb 2.0.16", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112059951605939\u0026w=2" }, { "name": "DSA-768", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-768" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securitylab.ru/55612.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050705 XSS in nested tag in phpbb 2.0.16", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112059951605939\u0026w=2" }, { "name": "DSA-768", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-768" }, { "name": "http://www.securitylab.ru/55612.html", "refsource": "MISC", "url": "http://www.securitylab.ru/55612.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2161", "datePublished": "2005-07-06T04:00:00", "dateReserved": "2005-07-06T00:00:00", "dateUpdated": "2024-08-07T22:15:37.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0475 (GCVE-0-2002-0475)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:49
CWE
- n/a
Summary
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
References
URL | Tags | |
---|---|---|
http://www.securiteam.com/unixfocus/6W00Q202UM.html | x_refsource_MISC | |
http://www.iss.net/security_center/static/7459.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/4379 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:49:28.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/unixfocus/6W00Q202UM.html" }, { "name": "phpbb-cross-site-scripting(7459)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7459.php" }, { "name": "4379", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4379" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-06-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/unixfocus/6W00Q202UM.html" }, { "name": "phpbb-cross-site-scripting(7459)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7459.php" }, { "name": "4379", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4379" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.securiteam.com/unixfocus/6W00Q202UM.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/6W00Q202UM.html" }, { "name": "phpbb-cross-site-scripting(7459)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7459.php" }, { "name": "4379", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4379" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0475", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2024-08-08T02:49:28.521Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3418 (GCVE-0-2005-3418)
Vulnerability from cvelistv5
Published
2005-11-01 21:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2005/2250 | vdb-entry, x_refsource_VUPEN | |
http://marc.info/?l=bugtraq&m=113081113317600&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/17366 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/20388 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/20389 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/130 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA | |
http://www.hardened-php.net/advisory_172005.75.html | x_refsource_MISC | |
http://www.osvdb.org/20387 | vdb-entry, x_refsource_OSVDB | |
http://securitytracker.com/id?1015121 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/15243 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.690Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2005-2250", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17366" }, { "name": "20388", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20388" }, { "name": "20389", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20389" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "20387", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20387" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2005-2250", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17366" }, { "name": "20388", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20388" }, { "name": "20389", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20389" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "20387", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20387" }, { "name": "1015121", "tags": [ "vdb-entry", 
"x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3418", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2005-2250", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17366" }, { "name": "20388", "refsource": "OSVDB", "url": "http://www.osvdb.org/20388" }, { "name": "20389", "refsource": "OSVDB", "url": "http://www.osvdb.org/20389" }, { "name": "130", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" }, { "name": "http://www.hardened-php.net/advisory_172005.75.html", "refsource": 
"MISC", "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "20387", "refsource": "OSVDB", "url": "http://www.osvdb.org/20387" }, { "name": "1015121", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15243" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3418", "datePublished": "2005-11-01T21:00:00", "dateReserved": "2005-11-01T00:00:00", "dateUpdated": "2024-08-07T23:10:08.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1315 (GCVE-0-2004-1315)
Vulnerability from cvelistv5
Published
2004-12-31 05:00
Modified
2024-08-08 00:46
CWE
- n/a
Summary
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/10701 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/200411-32 | vendor-advisory, x_refsource_GENTOO | |
http://marc.info/?l=bugtraq&m=110365752909029&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18052 | vdb-entry, x_refsource_XF | |
http://www.phpbb.com/phpBB/viewtopic.php?t=240513 | x_refsource_CONFIRM | |
http://www.kb.cert.org/vuls/id/497400 | third-party-advisory, x_refsource_CERT-VN | |
http://www.us-cert.gov/cas/techalerts/TA04-356A.html | third-party-advisory, x_refsource_CERT | |
http://secunia.com/advisories/13239/ | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?t=110079440800004&r=1&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/385208 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=bugtraq&m=110029415208724&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:12.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10701" }, { "name": "GLSA-200411-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/200411-32" }, { "name": "20041220 phpBB Worm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110365752909029\u0026w=2" }, { "name": "phpbb-view-sql-injection(18052)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18052" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513" }, { "name": "VU#497400", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/497400" }, { "name": "TA04-356A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-356A.html" }, { "name": "13239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13239/" }, { "name": "20041118 EXEC exploit in phpBB - fix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?t=110079440800004\u0026r=1\u0026w=2" }, { "name": "20041222 Re: phpBB Worm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/385208" }, { "name": "20041112 phpBB Code EXEC (v2.0.10)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110029415208724\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10701" }, { "name": "GLSA-200411-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/200411-32" }, { "name": "20041220 phpBB Worm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110365752909029\u0026w=2" }, { "name": "phpbb-view-sql-injection(18052)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18052" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513" }, { "name": "VU#497400", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/497400" }, { "name": "TA04-356A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-356A.html" }, { "name": "13239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13239/" }, { "name": "20041118 EXEC exploit in phpBB - fix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://marc.info/?t=110079440800004\u0026r=1\u0026w=2" }, { "name": "20041222 Re: phpBB Worm", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/385208" }, { "name": "20041112 phpBB Code EXEC (v2.0.10)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110029415208724\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1315", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10701" }, { "name": "GLSA-200411-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/200411-32" }, { "name": "20041220 phpBB Worm", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110365752909029\u0026w=2" }, { "name": "phpbb-view-sql-injection(18052)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18052" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513" }, { "name": "VU#497400", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/497400" }, { "name": "TA04-356A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-356A.html" }, { "name": "13239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13239/" }, { "name": "20041118 EXEC exploit in phpBB - fix", "refsource": "BUGTRAQ", "url": "http://marc.info/?t=110079440800004\u0026r=1\u0026w=2" }, { "name": "20041222 Re: phpBB Worm", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/385208" }, { "name": "20041112 phpBB Code EXEC (v2.0.10)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110029415208724\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1315", "datePublished": "2004-12-31T05:00:00", "dateReserved": "2004-12-22T00:00:00", "dateUpdated": "2024-08-08T00:46:12.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2359 (GCVE-0-2006-2359)
Vulnerability from cvelistv5
Published
2006-05-15 16:00
Modified
2024-08-07 17:51
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/434461/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/433848/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/17952 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26414 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/433715/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:03.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "name": "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "name": "17952", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17952" }, { "name": "phpbb-charts-xss(26414)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26414" }, { "name": "20060511 phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "name": "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "name": "17952", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17952" }, { "name": "phpbb-charts-xss(26414)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26414" }, { "name": "20060511 phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "name": "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "name": "17952", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17952" }, { "name": "phpbb-charts-xss(26414)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26414" }, { "name": "20060511 phpBB \"charts.php\" XSS and SQL-Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2359", "datePublished": "2006-05-15T16:00:00", "dateReserved": "2006-05-15T00:00:00", "dateUpdated": "2024-08-07T17:51:03.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0730 (GCVE-0-2004-0730)
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:31
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/16725 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=108999024506020&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/10738 | vdb-entry, x_refsource_BID | |
http://www.waraxe.us/index.php?modname=sa&id=34 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16726 | vdb-entry, x_refsource_XF | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16724 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:46.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-lang-faq-xss(16725)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16725" }, { "name": "20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "name": "10738", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10738" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "name": "phpbb-lang-bbcode-xss(16726)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16726" }, { "name": "phpbb-indexphp-xss(16724)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16724" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-lang-faq-xss(16725)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16725" }, { "name": "20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "name": "10738", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10738" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "name": "phpbb-lang-bbcode-xss(16726)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16726" }, { "name": "phpbb-indexphp-xss(16724)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16724" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-lang-faq-xss(16725)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16725" }, { "name": "20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "name": "10738", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10738" }, { "name": "http://www.waraxe.us/index.php?modname=sa\u0026id=34", "refsource": "MISC", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "name": "phpbb-lang-bbcode-xss(16726)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16726" }, { "name": "phpbb-indexphp-xss(16724)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16724" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0730", "datePublished": "2004-07-23T04:00:00", "dateReserved": "2004-07-22T00:00:00", "dateUpdated": "2024-08-08T00:31:46.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2176 (GCVE-0-2002-2176)
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 22:45
CWE
- n/a
Summary
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/5342 | vdb-entry, x_refsource_BID | |
http://online.securityfocus.com/archive/1/284691 | mailing-list, x_refsource_BUGTRAQ | |
http://www.iss.net/security_center/static/9692.php | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:51:17.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "5342", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5342" }, { "name": "20020727 phpBB/gender mod allows get admin privilege, exploit/patch", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/284691" }, { "name": "phpbb-gendermod-admin-privileges(9692)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9692.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-16T21:17:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "5342", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5342" }, { "name": "20020727 phpBB/gender mod allows get admin privilege, exploit/patch", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/284691" }, { "name": "phpbb-gendermod-admin-privileges(9692)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9692.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "5342", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5342" }, { "name": "20020727 phpBB/gender mod allows get admin privilege, exploit/patch", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/284691" }, { "name": "phpbb-gendermod-admin-privileges(9692)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9692.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2176", "datePublished": "2005-11-16T21:17:00Z", "dateReserved": "2005-11-16T00:00:00Z", "dateUpdated": "2024-09-16T22:45:34.747Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5209 (GCVE-0-2006-5209)
Vulnerability from cvelistv5
Published
2006-10-09 19:00
Modified
2024-08-07 19:41
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/29345 | vdb-entry, x_refsource_XF | |
https://www.exploit-db.com/exploits/2475/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:41:04.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-setmodules-file-include(29345)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345" }, { "name": "2475", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/2475/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-setmodules-file-include(29345)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345" }, { "name": "2475", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/2475/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5209", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-setmodules-file-include(29345)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345" }, { "name": "2475", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2475/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5209", "datePublished": "2006-10-09T19:00:00", "dateReserved": "2006-10-09T00:00:00", "dateUpdated": "2024-08-07T19:41:04.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6508 (GCVE-0-2006-6508)
Vulnerability from cvelistv5
Published
2006-12-14 00:00
Modified
2024-08-07 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30786 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/28871 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2008/dsa-1488 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/23283 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-message-csrf(30786)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28871" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1488" }, { "name": "23283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23283" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-message-csrf(30786)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28871" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1488" }, { "name": "23283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23283" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6508", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-message-csrf(30786)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786" }, { "name": "28871", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28871" }, { "name": "DSA-1488", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "name": "23283", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23283" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6508", "datePublished": "2006-12-14T00:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1290 (GCVE-0-2005-1290)
Vulnerability from cvelistv5
Published
2005-04-26 04:00
Modified
2024-08-07 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111428283721756&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://neosecurityteam.net/Advisories/Advisory-14.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:06.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050423 -==phpBB 2.0.14 Multiple Vulnerabilities==-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111428283721756\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.net/Advisories/Advisory-14.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050423 -==phpBB 2.0.14 Multiple Vulnerabilities==-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111428283721756\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.net/Advisories/Advisory-14.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050423 -==phpBB 2.0.14 Multiple Vulnerabilities==-", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111428283721756\u0026w=2" }, { "name": "http://neosecurityteam.net/Advisories/Advisory-14.txt", "refsource": "MISC", "url": "http://neosecurityteam.net/Advisories/Advisory-14.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1290", "datePublished": "2005-04-26T04:00:00", "dateReserved": "2005-04-26T00:00:00", "dateUpdated": "2024-08-07T21:44:06.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0437 (GCVE-0-2006-0437)
Vulnerability from cvelistv5
Published
2006-02-06 22:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0445 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/18693 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html | mailing-list, x_refsource_FULLDISC |
| http://securityreason.com/achievement_securityalert/31 | third-party-advisory, x_refsource_SREASONRES |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24497 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/22928 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/406 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0445", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "name": "18693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18693" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/31" }, { "name": "phpbb-referer-header-http-xss(24497)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "name": "22928", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22928" }, { "name": "406", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/406" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as \"onmouseover\" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for \"\u003c\" and \"\u003e\" characters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0445", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "name": "18693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18693" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/31" }, { "name": "phpbb-referer-header-http-xss(24497)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "name": "22928", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22928" }, { "name": "406", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/406" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0437", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as \"onmouseover\" in the (1) smile_url or 
(2) smile_emotion parameters, which bypasses a check for \"\u003c\" and \"\u003e\" characters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0445", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "name": "18693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18693" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/31" }, { "name": "phpbb-referer-header-http-xss(24497)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "name": "22928", "refsource": "OSVDB", "url": "http://www.osvdb.org/22928" }, { "name": "406", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/406" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0437", "datePublished": "2006-02-06T22:00:00", "dateReserved": "2006-01-26T00:00:00", "dateUpdated": "2024-08-07T16:34:14.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2134 (GCVE-0-2006-2134)
Vulnerability from cvelistv5
Published
2006-05-02 10:00
Modified
2024-08-07 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/1728 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/17763 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/19892 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26279 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/1585 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1728", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1728" }, { "name": "17763", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17763" }, { "name": "19892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19892" }, { "name": "kbmod-phpbb-kbconstants-file-include(26279)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26279" }, { "name": "ADV-2006-1585", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1585" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-29T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1728", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1728" }, { "name": "17763", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17763" }, { "name": "19892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19892" }, { "name": "kbmod-phpbb-kbconstants-file-include(26279)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26279" }, { "name": "ADV-2006-1585", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1585" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2134", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1728", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1728" }, { "name": "17763", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17763" }, { "name": "19892", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19892" }, { "name": "kbmod-phpbb-kbconstants-file-include(26279)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26279" }, { "name": "ADV-2006-1585", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1585" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2134", "datePublished": "2006-05-02T10:00:00", "dateReserved": "2006-05-01T00:00:00", "dateUpdated": "2024-08-07T17:35:31.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0659 (GCVE-0-2005-0659)
Vulnerability from cvelistv5
Published
2005-03-07 05:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=110996579900134&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1013377 | vdb-entry, x_refsource_SECTRACK |
| http://neosecurityteam.net/Advisories/Advisory-09.txt | x_refsource_MISC |
| http://neosecurityteam.tk/index.php?pagina=advisories&id=9 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050304 -==phpBB 2.0.13 Full path disclosure==-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110996579900134\u0026w=2" }, { "name": "1013377", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013377" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.net/Advisories/Advisory-09.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050304 -==phpBB 2.0.13 Full path disclosure==-", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110996579900134\u0026w=2" }, { "name": "1013377", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013377" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.net/Advisories/Advisory-09.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0659", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050304 -==phpBB 2.0.13 Full path disclosure==-", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110996579900134\u0026w=2" }, { "name": "1013377", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013377" }, { "name": "http://neosecurityteam.net/Advisories/Advisory-09.txt", "refsource": "MISC", "url": "http://neosecurityteam.net/Advisories/Advisory-09.txt" }, { "name": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=9", "refsource": "MISC", "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0659", "datePublished": "2005-03-07T05:00:00", "dateReserved": "2005-03-07T00:00:00", "dateUpdated": "2024-08-07T21:21:06.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2086 (GCVE-0-2005-2086)
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
References
| URL | Tags |
|---|---|
| http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=302011 | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=111999905917019&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:37.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=302011" }, { "name": "20050628 Security Advisory - phpBB 2.0.15 PHP-code injection bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111999905917019\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=302011" }, { "name": "20050628 Security Advisory - phpBB 2.0.15 PHP-code injection bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111999905917019\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2086", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and 
earlier allows remote attackers to execute arbitrary PHP code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=302011", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=302011" }, { "name": "20050628 Security Advisory - phpBB 2.0.15 PHP-code injection bug", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111999905917019\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2086", "datePublished": "2005-06-30T04:00:00", "dateReserved": "2005-06-30T00:00:00", "dateUpdated": "2024-08-07T22:15:37.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1114 (GCVE-0-2005-1114)
Vulnerability from cvelistv5
Published
2005-04-16 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/13155 | vdb-entry, x_refsource_BID |
| http://www.digitalparadox.org/advisories/phpbbp.txt | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=111343406309969&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/15931 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20086 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "13155", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13155" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "name": "15931", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/15931" }, { "name": "phpbb-multiple-modules-sql-injection(20086)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "13155", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13155" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "name": "15931", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/15931" }, { "name": "phpbb-multiple-modules-sql-injection(20086)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "13155", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13155" }, { "name": "http://www.digitalparadox.org/advisories/phpbbp.txt", "refsource": "MISC", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "name": "15931", "refsource": "OSVDB", "url": "http://www.osvdb.org/15931" }, { "name": "phpbb-multiple-modules-sql-injection(20086)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20086" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1114", "datePublished": "2005-04-16T04:00:00", "dateReserved": "2005-04-16T00:00:00", "dateUpdated": "2024-08-07T21:35:59.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2360 (GCVE-0-2006-2360)
Vulnerability from cvelistv5
Published
2006-05-15 16:00
Modified
2024-08-07 17:51
CWE
- n/a
Summary
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/434461/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/433848/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/17952 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26415 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/433715/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:03.473Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "name": "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "name": "17952", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17952" }, { "name": "phpbb-charts-sql-injection(26415)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26415" }, { "name": "20060511 phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "name": "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "name": "17952", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17952" }, { "name": "phpbb-charts-sql-injection(26415)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26415" }, { "name": "20060511 phpBB \"charts.php\" XSS and SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2360", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "name": "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "name": "17952", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17952" }, { "name": "phpbb-charts-sql-injection(26415)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26415" }, { "name": "20060511 phpBB \"charts.php\" XSS and SQL-Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2360", "datePublished": "2006-05-15T16:00:00", "dateReserved": "2006-05-15T00:00:00", "dateUpdated": "2024-08-07T17:51:03.473Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6839 (GCVE-0-2006-6839)
Vulnerability from cvelistv5
Published
2007-01-03 02:00
Modified
2024-08-07 20:42
CWE
- n/a
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
References
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980 | x_refsource_CONFIRM |
| http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 | x_refsource_CONFIRM |
| http://secunia.com/advisories/28871 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21806 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2008/dsa-1488 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1488" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-14T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ 
"vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1488" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1488" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6839", "datePublished": "2007-01-03T02:00:00", "dateReserved": "2007-01-02T00:00:00", "dateUpdated": "2024-08-07T20:42:07.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0259 (GCVE-0-2005-0259)
Vulnerability from cvelistv5
Published
2005-02-22 05:00
Modified
2024-08-07 21:05
CWE
- n/a
Summary
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/14362/ | third-party-advisory, x_refsource_SECUNIA |
| http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
| http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.phpbb.com/support/documents.php?mode=changelog | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/774686 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:25.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14362/" }, { "name": "20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=204\u0026type=vulnerabilities" }, { "name": "GLSA-200503-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "name": "VU#774686", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/774686" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the \"Upload Avatar from a URL:\" field to reference the target file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-03-30T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14362/" }, { "name": "20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=204\u0026type=vulnerabilities" }, { "name": "GLSA-200503-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "name": "VU#774686", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/774686" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0259", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the \"Upload Avatar from a URL:\" field to reference the target file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14362", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14362/" }, { "name": "20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=204\u0026type=vulnerabilities" }, { "name": "GLSA-200503-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "name": "http://www.phpbb.com/support/documents.php?mode=changelog", "refsource": "CONFIRM", "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "name": "VU#774686", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/774686" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0259", "datePublished": "2005-02-22T05:00:00", "dateReserved": "2005-02-09T00:00:00", "dateUpdated": "2024-08-07T21:05:25.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1894 (GCVE-0-2002-1894)
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-16 18:03
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/6195 | vdb-entry, x_refsource_BID |
| http://www.phpbb.com/phpBB/viewtopic.php?t=56283 | x_refsource_CONFIRM |
| http://www.iss.net/security_center/static/10653.php | vdb-entry, x_refsource_XF |
| http://online.securityfocus.com/archive/1/300362 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:43:33.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6195", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6195" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=56283" }, { "name": "phpbb-viewtopic-script-xss(10653)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10653.php" }, { "name": "20021118 XSS bug in phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/300362" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-28T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6195", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6195" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=56283" }, { "name": "phpbb-viewtopic-script-xss(10653)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10653.php" }, { "name": "20021118 XSS bug in phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/300362" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1894", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6195", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6195" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=56283", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=56283" }, { "name": "phpbb-viewtopic-script-xss(10653)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10653.php" }, { "name": "20021118 XSS bug in phpBB", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/300362" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1894", "datePublished": "2005-06-28T04:00:00Z", "dateReserved": "2005-06-28T04:00:00Z", "dateUpdated": "2024-09-16T18:03:34.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1943 (GCVE-0-2004-1943)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15916 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/10177 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=108244738102532&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-albumportal-file-include(15916)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15916" }, { "name": "10177", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10177" }, { "name": "20040419 phpBB modified by Przemo arbitary code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108244738102532\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-albumportal-file-include(15916)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15916" }, { "name": "10177", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10177" }, { "name": "20040419 phpBB modified by Przemo arbitary code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108244738102532\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-albumportal-file-include(15916)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15916" }, { "name": "10177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10177" }, { "name": "20040419 phpBB modified by Przemo arbitary code execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108244738102532\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1943", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3416 (GCVE-0-2005-3416)
Vulnerability from cvelistv5
Published
2005-11-01 21:00
Modified
2024-08-07 23:10
CWE
- n/a
Summary
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail.
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/20413 | vdb-entry, x_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=113081113317600&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/17366 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/130 | third-party-advisory, x_refsource_SREASON |
| http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA |
| http://www.hardened-php.net/advisory_172005.75.html | x_refsource_MISC |
| http://securitytracker.com/id?1015121 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/15243 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20413", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20413" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which 
causes an array_merge function call to fail." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20413", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20413" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17366" }, { "name": "130", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3416", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been 
called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20413", "refsource": "OSVDB", "url": "http://www.osvdb.org/20413" }, { "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "17366", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17366" }, { "name": "130", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/130" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" }, { "name": "http://www.hardened-php.net/advisory_172005.75.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "name": "1015121", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015121" }, { "name": "15243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15243" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3416", "datePublished": "2005-11-01T21:00:00", "dateReserved": "2005-11-01T00:00:00", "dateUpdated": "2024-08-07T23:10:08.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0614 (GCVE-0-2005-0614)
Vulnerability from cvelistv5
Published
2005-03-03 05:00
Modified
2024-08-07 21:21
CWE
- n/a
Summary
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=110970201920206&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.phpbb.com/phpBB/viewtopic.php?t=267563 | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=110999268130739&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/14413 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050301 phpBB \u003c= 2.0.12 UID Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110970201920206\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "name": "20050304 phpBB 2.0.12 Session Handling Administrator Authentication Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110999268130739\u0026w=2" }, { "name": "14413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14413" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050301 phpBB \u003c= 2.0.12 UID Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110970201920206\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "name": "20050304 phpBB 2.0.12 Session Handling Administrator Authentication Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110999268130739\u0026w=2" }, { "name": "14413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14413" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0614", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050301 phpBB \u003c= 2.0.12 UID Exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110970201920206\u0026w=2" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "name": "20050304 phpBB 2.0.12 Session Handling Administrator Authentication Bypass", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110999268130739\u0026w=2" }, { "name": "14413", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14413" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0614", "datePublished": "2005-03-03T05:00:00", "dateReserved": "2005-03-02T00:00:00", "dateUpdated": "2024-08-07T21:21:06.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0533 (GCVE-0-2002-0533)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:49
CWE
- n/a
Summary
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
References
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/8764.php | vdb-entry, x_refsource_XF |
| http://online.securityfocus.com/archive/1/265798 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/4432 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html | mailing-list, x_refsource_VULNWATCH |
| http://marc.info/?l=bugtraq&m=101794993119738&w=2 | mailing-list, x_refsource_VULN-DEV |
| http://www.securityfocus.com/bid/4434 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:49:29.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-bbcode-function-dos(8764)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8764.php" }, { "name": "20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/265798" }, { "name": "4432", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4432" }, { "name": "20020404 [VulnWatch] (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html" }, { "name": "20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=101794993119738\u0026w=2" }, { "name": "4434", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4434" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \\0 characters within [code] tags." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-bbcode-function-dos(8764)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8764.php" }, { "name": "20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/265798" }, { "name": "4432", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4432" }, { "name": "20020404 [VulnWatch] (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html" }, { "name": "20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=bugtraq\u0026m=101794993119738\u0026w=2" }, { "name": "4434", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4434" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \\0 characters within [code] tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-bbcode-function-dos(8764)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8764.php" }, { "name": "20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/265798" }, { "name": "4432", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4432" }, { "name": "20020404 [VulnWatch] (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html" }, { "name": "20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability", "refsource": "VULN-DEV", "url": "http://marc.info/?l=bugtraq\u0026m=101794993119738\u0026w=2" }, { "name": "4434", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4434" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0533", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2024-08-08T02:49:29.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0729 (GCVE-0-2004-0729)
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
CWE
- n/a
Summary
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=108999024506020&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16720 | vdb-entry, x_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16716 | vdb-entry, x_refsource_XF |
| http://www.waraxe.us/index.php?modname=sa&id=34 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16723 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "name": "phpbb-lang-faq-path-disclosure(16720)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16720" }, { "name": "phpbb-indexphp-path-disclosure(16716)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16716" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "name": "phpbb-usercpviewprofile-path-disclosure(16723)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16723" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "name": "phpbb-lang-faq-path-disclosure(16720)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16720" }, { "name": "phpbb-indexphp-path-disclosure(16716)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16716" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "name": "phpbb-usercpviewprofile-path-disclosure(16723)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16723" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "name": "phpbb-lang-faq-path-disclosure(16720)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16720" }, { "name": "phpbb-indexphp-path-disclosure(16716)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16716" }, { "name": "http://www.waraxe.us/index.php?modname=sa\u0026id=34", "refsource": "MISC", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "name": "phpbb-usercpviewprofile-path-disclosure(16723)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16723" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0729", "datePublished": "2004-07-23T04:00:00", "dateReserved": "2004-07-22T00:00:00", "dateUpdated": "2024-08-08T00:24:27.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6840 (GCVE-0-2006-6840)
Vulnerability from cvelistv5
Published
2007-01-03 02:00
Modified
2024-08-07 20:42
CWE
- n/a
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
References
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980 | x_refsource_CONFIRM |
| http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 | x_refsource_CONFIRM |
| http://secunia.com/advisories/28871 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21806 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2008/dsa-1488 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1488" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-14T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1488" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1488" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6840", "datePublished": "2007-01-03T02:00:00", "dateReserved": "2007-01-02T00:00:00", "dateUpdated": "2024-08-07T20:42:07.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1193 (GCVE-0-2005-1193)
Vulnerability from cvelistv5
Published
2005-05-16 04:00
Modified
2024-08-07 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.
References
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014117 | vdb-entry, x_refsource_SECTRACK |
| http://www.kb.cert.org/vuls/id/113196 | third-party-advisory, x_refsource_CERT-VN |
| http://secunia.com/advisories/15298 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/13545 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=full-disclosure&m=111552510000088&w=2 | mailing-list, x_refsource_FULLDISC |
| http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194 | x_refsource_CONFIRM |
| http://castlecops.com/t123194-.html | x_refsource_MISC |
| http://seclists.org/lists/bugtraq/2005/May/0098.html | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1013918 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20574 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/16439 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1014117", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014117" }, { "name": "VU#113196", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/113196" }, { "name": "15298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15298" }, { "name": "13545", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13545" }, { "name": "20050508 phpbb 2.0.15 released - patches high critical vuln", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=111552510000088\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=288194" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://castlecops.com/t123194-.html" }, { "name": "20050507 phpbb 2.0.15 released - patches high critical vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/lists/bugtraq/2005/May/0098.html" }, { "name": "1013918", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013918" }, { "name": "phpbb-url-bbcode-file-include(20574)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20574" }, { "name": "16439", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/16439" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], 
"datePublic": "2005-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1014117", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014117" }, { "name": "VU#113196", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/113196" }, { "name": "15298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15298" }, { "name": "13545", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13545" }, { "name": "20050508 phpbb 2.0.15 released - patches high critical vuln", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=111552510000088\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=288194" }, { "tags": [ "x_refsource_MISC" ], "url": "http://castlecops.com/t123194-.html" }, { "name": "20050507 phpbb 2.0.15 released - patches high critical vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/lists/bugtraq/2005/May/0098.html" }, { "name": "1013918", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013918" }, { "name": "phpbb-url-bbcode-file-include(20574)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/20574" }, { "name": "16439", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/16439" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1014117", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014117" }, { "name": "VU#113196", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/113196" }, { "name": "15298", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15298" }, { "name": "13545", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13545" }, { "name": "20050508 phpbb 2.0.15 released - patches high critical vuln", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=111552510000088\u0026w=2" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=288194", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=288194" }, { "name": "http://castlecops.com/t123194-.html", "refsource": "MISC", "url": "http://castlecops.com/t123194-.html" }, { "name": "20050507 phpbb 2.0.15 released 
- patches high critical vuln", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2005/May/0098.html" }, { "name": "1013918", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013918" }, { "name": "phpbb-url-bbcode-file-include(20574)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20574" }, { "name": "16439", "refsource": "OSVDB", "url": "http://www.osvdb.org/16439" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1193", "datePublished": "2005-05-16T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2024-08-07T21:44:05.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3799 (GCVE-0-2005-3799)
Vulnerability from cvelistv5
Published
2005-11-24 11:00
Modified
2024-08-07 23:24
CWE
- n/a
Summary
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=113200740718682&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=113210133012767&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/achievement_exploitalert/4 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:24:36.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051111 phpBB 2.0.18 SQL Query problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113200740718682\u0026w=2" }, { "name": "20051115 Re: phpBB 2.0.18 SQL Query problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113210133012767\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://securityreason.com/achievement_exploitalert/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051111 phpBB 2.0.18 SQL Query problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113200740718682\u0026w=2" }, { "name": "20051115 Re: phpBB 2.0.18 SQL Query problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113210133012767\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://securityreason.com/achievement_exploitalert/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051111 phpBB 2.0.18 SQL Query problem", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113200740718682\u0026w=2" }, { "name": "20051115 Re: phpBB 2.0.18 SQL Query problem", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113210133012767\u0026w=2" }, { "name": "http://securityreason.com/achievement_exploitalert/4", "refsource": "MISC", "url": "http://securityreason.com/achievement_exploitalert/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3799", "datePublished": "2005-11-24T11:00:00", "dateReserved": "2005-11-24T00:00:00", "dateUpdated": "2024-08-07T23:24:36.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0450 (GCVE-0-2006-0450)
Vulnerability from cvelistv5
Published
2006-01-27 00:00
Modified
2024-08-07 16:34
CWE
- n/a
Summary
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/423030/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://h4cky0u.org/viewtopic.php?t=637 | x_refsource_MISC | |
http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt | x_refsource_MISC | |
http://securityreason.com/securityalert/368 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24327 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060125 HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/423030/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://h4cky0u.org/viewtopic.php?t=637" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt" }, { "name": "368", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/368" }, { "name": "phpbb-search-profile-dos(24327)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24327" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-25T00:00:00", "descriptions": [ { "lang": "en", "value": "phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060125 HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/423030/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://h4cky0u.org/viewtopic.php?t=637" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt" }, { "name": "368", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/368" }, { "name": "phpbb-search-profile-dos(24327)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24327" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060125 HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423030/100/0/threaded" }, { "name": "http://h4cky0u.org/viewtopic.php?t=637", "refsource": "MISC", "url": "http://h4cky0u.org/viewtopic.php?t=637" }, { "name": "http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt", "refsource": "MISC", "url": "http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt" }, { "name": "368", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/368" }, { "name": "phpbb-search-profile-dos(24327)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24327" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0450", "datePublished": "2006-01-27T00:00:00", "dateReserved": "2006-01-26T00:00:00", "dateUpdated": "2024-08-07T16:34:14.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6841 (GCVE-0-2006-6841)
Vulnerability from cvelistv5
Published
2007-01-03 02:00
Modified
2024-08-07 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
References
URL | Tags | |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980 | x_refsource_CONFIRM | |
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 | x_refsource_CONFIRM | |
http://secunia.com/advisories/28871 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/21806 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2008/dsa-1488 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1488" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-14T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1488" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624", "refsource": "CONFIRM", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "name": "28871", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28871" }, { "name": "21806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21806" }, { "name": "DSA-1488", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1488" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6841", "datePublished": "2007-01-03T02:00:00", "dateReserved": "2007-01-02T00:00:00", "dateUpdated": "2024-08-07T20:42:07.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1537 (GCVE-0-2002-1537)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modified form fields such as "u".
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/6056 | vdb-entry, x_refsource_BID | |
http://www.iss.net/security_center/static/10489.php | vdb-entry, x_refsource_XF | |
http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/4284 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:26:28.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6056", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6056" }, { "name": "phpbb-adminugauth-admin-privileges(10489)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10489.php" }, { "name": "20021027 Privilege Escalation Vulnerability In phpBB 2.0.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html" }, { "name": "4284", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4284" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as \"u\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-03-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6056", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6056" }, { "name": "phpbb-adminugauth-admin-privileges(10489)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10489.php" }, { "name": "20021027 Privilege Escalation Vulnerability In phpBB 2.0.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html" }, { "name": "4284", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4284" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1537", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as \"u\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6056", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6056" }, { "name": "phpbb-adminugauth-admin-privileges(10489)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10489.php" }, { "name": "20021027 Privilege Escalation Vulnerability In phpBB 2.0.0", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html" }, { "name": "4284", "refsource": "OSVDB", "url": "http://www.osvdb.org/4284" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1537", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-25T00:00:00", "dateUpdated": "2024-08-08T03:26:28.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0484 (GCVE-0-2003-0484)
Vulnerability from cvelistv5
Published
2003-06-28 04:00
Modified
2024-08-08 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=105639883722514&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030621 XSS Exploit In phpBB viewtopic.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105639883722514\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030621 XSS Exploit In phpBB viewtopic.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105639883722514\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0484", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030621 XSS Exploit In phpBB viewtopic.php", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105639883722514\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0484", "datePublished": "2003-06-28T04:00:00", "dateReserved": "2003-06-27T00:00:00", "dateUpdated": "2024-08-08T01:58:11.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3536 (GCVE-0-2005-3536)
Vulnerability from cvelistv5
Published
2005-12-22 23:00
Modified
2024-08-07 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/15246 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2005/dsa-925 | vendor-advisory, x_refsource_DEBIAN | |
http://www.osvdb.org/22270 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/18098 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15246", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15246" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "22270", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22270" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18098" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-21T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-17T10:00:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "15246", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15246" }, { "name": "DSA-925", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "22270", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22270" }, { "name": "18098", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18098" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2005-3536", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15246", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15246" }, { "name": "DSA-925", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-925" }, { "name": "22270", "refsource": "OSVDB", "url": "http://www.osvdb.org/22270" }, { "name": "18098", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18098" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-3536", "datePublished": "2005-12-22T23:00:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1707 (GCVE-0-2002-1707)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/9370 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/5038 | vdb-entry, x_refsource_BID | |
http://online.securityfocus.com/archive/1/277318 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "phpbb-include-remote-files(9370)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9370" }, { "name": "5038", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5038" }, { "name": "20020616 malicious PHP source injection in phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/277318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "install.php in phpBB 2.0 through 2.0.1, when \"allow_url_fopen\" and \"register_globals\" variables are set to \"on\", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "phpbb-include-remote-files(9370)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9370" }, { "name": "5038", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5038" }, { "name": "20020616 malicious PHP source injection in phpBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/277318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "install.php in phpBB 2.0 through 2.0.1, when \"allow_url_fopen\" and \"register_globals\" variables are set to \"on\", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "phpbb-include-remote-files(9370)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9370" }, { "name": "5038", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5038" }, { "name": "20020616 malicious PHP source injection in phpBB", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/277318" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1707", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:55.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1047 (GCVE-0-2005-1047)
Vulnerability from cvelistv5
Published
2005-04-12 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1013671 | vdb-entry, x_refsource_SECTRACK | |
http://www.defacers.com.mx/advisories/2.txt | x_refsource_MISC | |
http://marc.info/?l=bugtraq&m=111299353030534&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1013671", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013671" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.defacers.com.mx/advisories/2.txt" }, { "name": "20050408 phpBB Upload Script \"up.php\" Arbitrary File Upload", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111299353030534\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1013671", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013671" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.defacers.com.mx/advisories/2.txt" }, { "name": "20050408 phpBB Upload Script \"up.php\" Arbitrary File Upload", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111299353030534\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1013671", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013671" }, { "name": "http://www.defacers.com.mx/advisories/2.txt", "refsource": "MISC", "url": "http://www.defacers.com.mx/advisories/2.txt" }, { "name": "20050408 phpBB Upload Script \"up.php\" Arbitrary File Upload", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111299353030534\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1047", "datePublished": "2005-04-12T04:00:00", "dateReserved": "2005-04-12T00:00:00", "dateUpdated": "2024-08-07T21:35:59.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2005-11-01 21:02
Modified
2025-04-03 01:03
Severity ?
Summary
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail." } ], "id": "CVE-2005-3416", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-01T21:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17366" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18098" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/130" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20413" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/15243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2025-04-09 00:30
Severity ?
Summary
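Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." The impacted-products list below names only 1.2.4_rc3, 2.0.18, 2.0.20 and 2.0.21, so it is not exhaustive; going by this description, any phpBB release earlier than 2.0.22 should be treated as affected when matching inventory.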
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.2.4_rc3 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.20 | |
phpbb_group | phpbb | 2.0.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.4_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "AA2D8185-F760-4731-B829-C7498B4AB137", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en phpBB anterior a 2.0.22 tiene un impacto desconocido y vectores remotos de ataque relacionados con \"\tcriterios para los \u201cmalos\u201d objetivos de redirecci\u00f3n\"." 
} ], "id": "CVE-2006-6839", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28871" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21806" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-01 21:02
Modified
2025-04-03 01:03
Severity ?
Summary
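usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. Although this description names only 2.0.17, the configuration data below marks 2.0.0 through 2.0.17 and the 2.0 beta/RC builds as vulnerable.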
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an \"e\" modifier into a preg_replace statement." } ], "id": "CVE-2005-3420", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-01T21:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17366" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18098" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/130" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20391" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "cve@mitre.org", 
"url": "http://www.vupen.com/english/advisories/2005/2250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2250" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-10 04:06
Modified
2025-04-09 00:30
Severity ?
Summary
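PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. The description places the flaw in the third-party mod rather than in phpBB itself, so the phpBB versions listed below over-match: a hit on the phpBB version alone should be confirmed by checking whether Admin Topic Action Logging Mod is installed.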
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.19 | |
phpbb_group | phpbb | 2.0.20 | |
phpbb_group | phpbb | 2.0.21 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE04D5FE-021A-4E97-9166-8F7484F4C5F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": 
"B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." }, { "lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en admin/admin_tocpi_action_logging.php en Admin Topic Action Logging Mod 0.95 y anteriores, usado en phpBB 2.0 hasta 2.0.21, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro phpbb_root_path." 
} ], "id": "CVE-2006-5209", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-10T04:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2475/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2475/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-15 16:06
Modified
2025-04-03 01:03
Severity ?
Summary
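SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. The description places the flaw in the Chart mod, while the product entry below matches every phpBB version (*); a match on phpBB alone should therefore be confirmed by checking whether the Chart mod is installed.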
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "101667DF-0B3E-49A1-A0C9-BDBEEC9F89CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter." } ], "id": "CVE-2006-2360", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-15T16:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17952" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26415" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php." } ], "id": "CVE-2003-1244", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/11376.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/6888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/11376.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/6888" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter." 
} ], "id": "CVE-2004-2350", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/357442" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/9883" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/357442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/9883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15475" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-02 10:02
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P, per the NVD record below)
Summary
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for phpBB 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. The record's evaluator note adds that successful exploitation requires "register_globals" to be enabled.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * | |
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.0.1 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "06FECBC5-AB2F-4807-8C4F-C3A3EE56A9B4", "versionEndIncluding": "2.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4951A567-0C73-4C41-A694-B50293545936", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." } ], "evaluatorSolution": "Successful exploitation requires that \"register_globals\" is enabled.", "id": "CVE-2006-2134", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-02T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19892" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17763" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1585" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26279" }, { "source": "cve@mitre.org", "url": 
"https://www.exploit-db.com/exploits/1728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1728" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-01 21:02
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, per the NVD record below)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables." } ], "id": "CVE-2005-3418", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-01T21:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17366" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18098" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/130" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20387" }, { "source": "cve@mitre.org", "tags": [ 
"Patch" ], "url": "http://www.osvdb.org/20388" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20389" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2250" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-24 11:03
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, per the NVD record below)
Summary
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.18 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path." }, { "lang": "es", "value": "phpBB 2.0.18 permite a atacantes remotos obtener informaci\u00f3n sensible mediante una consulta SQL grande, lo que genera un mensaje de error que revela la sintaxis SQL de la ruta de instalaci\u00f3n completa." } ], "id": "CVE-2005-3799", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-24T11:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113200740718682\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113210133012767\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securityreason.com/achievement_exploitalert/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113200740718682\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113210133012767\u0026w=2" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securityreason.com/achievement_exploitalert/4" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-11-27 05:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD record below)
Summary
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter." 
} ], "id": "CVE-2003-1216", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-11-27T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106997132425576\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107005608726609\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107196735102970\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9122" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106997132425576\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107005608726609\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107196735102970\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], 
"url": "http://www.securityfocus.com/bid/9122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, per the NVD record below)
Summary
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.13 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php." } ], "id": "CVE-2005-0673", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=8" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/14475" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/14475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013362" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-22 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A \"missing request validation\" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs." } ], "id": "CVE-2005-3537", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-22T23:03:00.000", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/18098" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15246" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "install.php in phpBB 2.0 through 2.0.1, when \"allow_url_fopen\" and \"register_globals\" variables are set to \"on\", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code." 
} ], "id": "CVE-2002-1707", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/277318" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/277318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9370" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "101667DF-0B3E-49A1-A0C9-BDBEEC9F89CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter." } ], "id": "CVE-2005-1196", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111384185116335\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111384185116335\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
smartor | photo_album | 2.0.53 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:smartor:photo_album:2.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "8F885EB6-E2C1-427C-B57C-395F7E19A4CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php." 
} ], "id": "CVE-2005-1115", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/13157" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/13158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/13157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/13158" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message." }, { "lang": "es", "value": "phpBB 2.0.8 permiteaatacantes remotos obtener informaci\u00f3n sensible mediante par\u00e1metros inv\u00e1lidos:\r\n(1) category_rows a index.php,\r\n(2) faq a faq.php, o\r\n(3) ranksrow a profile.php,\r\nlo que revela la ruta completa en el mensaje de error." } ], "id": "CVE-2004-0729", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16716" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16720" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16723" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-01 21:02
Modified
2025-04-03 01:03
Severity ?
Summary
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables." } ], "id": "CVE-2005-3417", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-01T21:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17366" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18098" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/130" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20414" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute JavaScript as other phpBB users by including an http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/274273 | ||
cve@mitre.org | http://www.iss.net/security_center/static/9178.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/4858 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/274273 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9178.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4858 | Exploit, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (\") in the [IMG] tag, which bypasses phpBB\u0027s security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en phpBB 2.0.0 (phpBB) permite a atacantes remotos ejecutar Javascript como otros usuarios de phpBB incluyendo http:// y comillas dobles (\"\") en una etiquieta IMG, lo que evade la comprobaci\u00f3n de seguridad de phpBB, termina el par\u00e1metro src de la etiqueta HTML IMG, e injecta la secuencia de comandos." 
} ], "id": "CVE-2002-0902", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/274273" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9178.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/274273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9178.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4858" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \\0 characters within [code] tags." 
} ], "id": "CVE-2002-0533", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=101794993119738\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/265798" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8764.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4432" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=101794993119738\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/265798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8764.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "http://www.securityfocus.com/bid/4432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4434" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-01 21:02
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized." } ], "id": "CVE-2005-3419", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-01T21:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17366" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18098" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/130" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20390" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2005/2250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/20390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2250" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2025-04-09 00:30
Severity ?
Summary
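Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. Note: the product list below names only four versions (1.2.4_rc3, 2.0.18, 2.0.20, 2.0.21), which is narrower than the "before 2.0.22" range stated here, so matching on that list alone can miss affected installs. The CVSS v2 vector in the record (AV:N/AC:L/Au:N/C:C/I:C/A:C, base score 10.0) accompanies a description that gives the impact as unknown, so the score appears to be a worst-case rating rather than a measured one.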
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.2.4_rc3 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.20 | |
phpbb_group | phpbb | 2.0.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.4_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "AA2D8185-F760-4731-B829-C7498B4AB137", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors." }, { "lang": "es", "value": "Ciertas formas en phpBB anterior a 2.0.22 carecen de chequeo de sesiones, lo cual tiene un impacto desconocido y vectores de ataque remotos." 
} ], "id": "CVE-2006-6841", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28871" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21806" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": 
"AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie." } ], "id": "CVE-2005-0614", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110970201920206\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110999268130739\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14413" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110970201920206\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110999268130739\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-13 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603." } ], "id": "CVE-2006-1775", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-13T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24354" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24355" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24356" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.osvdb.org/24354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24357" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-07 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
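Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. Note: the description names no affected release and the product entry below uses a wildcard version (*), so version matching against this record flags every phpBB install; the affected and fixed releases have to be confirmed from the linked reference.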
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "101667DF-0B3E-49A1-A0C9-BDBEEC9F89CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en viewtopic.php de phpBB permite a atacantes remotos insertar scritp web arbitrario mediante el par\u00e1metro topic_id" } ], "id": "CVE-2003-0484", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105639883722514\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105639883722514\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-10 11:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.19 | |
phpbb_group | phpbb | 2.0.20 | |
phpbb_group | phpbb | 2.0.21 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE04D5FE-021A-4E97-9166-8F7484F4C5F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": 
"52CC6700-8863-4E86-9232-6CBFCF19FBC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el buz\u00f3n de mensajes privados en phpBB 2.0.x permite a un usuario remoto validado inyectar secuencias de comandos web o HTML a trav\u00e9s del campo \"cuerpo de mensaje\" de un mensaje a un usuario no existente." 
} ], "id": "CVE-2006-6421", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-10T11:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23283" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2005" }, { "source": "cve@mitre.org", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21806" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22001" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
smartor | photo_album | 2.0.53 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:smartor:photo_album:2.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "8F885EB6-E2C1-427C-B57C-395F7E19A4CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters." 
} ], "id": "CVE-2005-1114", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/15931" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/13155" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/15931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/13155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20086" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.2.4_rc3 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.20 | |
phpbb_group | phpbb | 2.0.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.4_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "AA2D8185-F760-4731-B829-C7498B4AB137", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en phpBB anterior a 2.0.22 tiene un impacto desconocido y vectores de ataque remotos relacionados con \"par\u00e1metro start negativo\"." 
} ], "id": "CVE-2006-6840", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28871" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21806" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary JavaScript on web clients by embedding the script within an IMG image tag while editing a message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message." 
} ], "id": "CVE-2002-0475", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/7459.php" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/unixfocus/6W00Q202UM.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/7459.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/unixfocus/6W00Q202UM.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4379" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modified form fields such as "u".
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/10489.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/4284 | ||
cve@mitre.org | http://www.securityfocus.com/bid/6056 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10489.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/4284 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6056 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as \"u\"." }, { "lang": "es", "value": "admin_ug_auth.php en phpBB 2.0.0 permite a usuarios locales obtener privilegios de administraci\u00f3n llamando directamente a admin_ug_auth.php con campos del formulario modificados tales como el \"\"u\"\"." } ], "id": "CVE-2002-1537", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10489.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4284" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10489.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/6056" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in auth.php for phpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php." 
} ], "id": "CVE-2003-1373", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6889" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-20 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose \".*\" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl." } ], "id": "CVE-2006-1895", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-20T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/769" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431017/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17573" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/431017/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter." } ], "id": "CVE-2002-1894", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://online.securityfocus.com/archive/1/300362" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10653.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=56283" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/6195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://online.securityfocus.com/archive/1/300362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10653.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.phpbb.com/phpBB/viewtopic.php?t=56283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/6195" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-06 20:06
Modified
2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: follow-up posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.19 | |
phpbb_group | phpbb | 2.0.20 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE04D5FE-021A-4E97-9166-8F7484F4C5F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": 
"639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod" } ], "id": "CVE-2006-2865", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-06T20:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435869/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/435978/100/0/threaded" }, { 
"source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/435995/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/436118/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435869/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/435978/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/435995/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436118/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18255" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE04D5FE-021A-4E97-9166-8F7484F4C5F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nphpBB Group, phpBB, 2.0.7", "id": "CVE-2004-0339", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107799508130700\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/9765" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107799508130700\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/9765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-04-07 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory." 
} ], "id": "CVE-2005-1047", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-04-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111299353030534\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1013671" }, { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://www.defacers.com.mx/advisories/2.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111299353030534\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1013671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://www.defacers.com.mx/advisories/2.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code." } ], "id": "CVE-2005-2086", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-05T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111999905917019\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=302011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111999905917019\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=302011" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
CRLF injection vulnerability in phpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php." 
} ], "id": "CVE-2004-2054", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12114" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/10753" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/10753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16759" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-08 17:28
Modified
2025-04-09 00:30
Severity ?
Summary
phpBB 2.0.20 does not verify the types of user-specified input variables before passing them to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by (1) the mode parameter to memberlist.php and (2) the highlight parameter to viewtopic.php, which are used as arguments to the htmlspecialchars or urlencode functions and cause the installation path to be displayed in the resulting error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message." }, { "lang": "es", "value": "phpBB 2.0.20 no verifica tipos de variables de entrada especificadas por el usuario antes de ser pasadas a funciones dependientes del tipo, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible, como ha sido demostrado por (1) el par\u00e1metro mode a memberlist.php y el (2) par\u00e1metro highlight a viewtopic.php que son usados como argumento en las funciones htmlspecialchars o urlencode, lo cual muestra la ruta de instalaci\u00f3n en el mensaje de error resultante." 
} ], "id": "CVE-2006-2219", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-08T17:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/837" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-07 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BA802D1-8AD3-46A4-89BE-9E9A714FB951", "versionEndIncluding": "2.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en viewtopic.php de phpBB 2.0.5 y anteriores permite a atacantes remotos robar picadillos (hashes) de contrase\u00f1as mediante el par\u00e1metro topic_id." } ], "id": "CVE-2003-0486", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105607263130644\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=112052" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/7979" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105607263130644\u0026w=2" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=112052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/7979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12366" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
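SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. [Reviewer note: the impacted-products entries for this record name phpBB 2.0.0 and 2.0.1 rather than Gender MOD, so matching on those CPEs alone cannot tell whether the affected MOD is installed.]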
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/284691 | ||
cve@mitre.org | http://www.iss.net/security_center/static/9692.php | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/5342 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/284691 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9692.php | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5342 | Exploit, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page." } ], "id": "CVE-2002-2176", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/284691" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9692.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/284691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9692.php" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5342" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-13 23:07
Modified
2025-04-03 01:03
Severity ?
Summary
phpBB 2.0.21 does not properly handle pathnames ending in %00 (a URL-encoded NUL byte), which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00." }, { "lang": "es", "value": "phpBB 2.0.21 no maneja adecuadamente los nombres de ruta que finalicen en %00, lo cual permite a un usuario remoto administrador validado actualizar ficheros de su elecci\u00f3n, seg\u00fan se puede ver a trav\u00e9s de la consulta a admin/admin_board.php con el par\u00e1metro avatar_path terminado en .php%00." } ], "evaluatorSolution": "Successful exploitation requires that the attacker has Administrative rights.", "id": "CVE-2006-4758", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-13T23:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22188" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28871" }, { "source": "cve@mitre.org", "url": 
"http://www.debian.org/security/2008/dsa-1488" }, { "source": "cve@mitre.org", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.security.nnov.ru/Odocument221.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20347" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21806" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.security.nnov.ru/Odocument221.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) 
chrome:, or (6) script: URI scheme, as demonstrated using the URL tag." } ], "id": "CVE-2005-1193", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://castlecops.com/t123194-.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=111552510000088\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://seclists.org/lists/bugtraq/2005/May/0098.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/15298" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013918" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014117" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/113196" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/16439" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=288194" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/13545" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://castlecops.com/t123194-.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://marc.info/?l=full-disclosure\u0026m=111552510000088\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/lists/bugtraq/2005/May/0098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/15298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/113196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/16439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=288194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/13545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20574" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-01 21:02
Modified
2025-04-03 01:03
Severity ?
Summary
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable." } ], "id": "CVE-2005-3415", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-01T21:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17366" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18098" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/130" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20386" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/15243" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113081113317600\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1015121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.hardened-php.net/advisory_172005.75.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22914" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-14 00:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en phpBB 2.0.21 permite a atacantes remotos autenticados enviar mensajes no autorizados como un usuario de su elecci\u00f3n mediante vectores no especificados.\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido solamente de informaci\u00f3n de terceros." } ], "id": "CVE-2006-6508", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-12-14T00:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23283" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28871" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php." } ], "id": "CVE-2005-1290", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111428283721756\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://neosecurityteam.net/Advisories/Advisory-14.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111428283721756\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://neosecurityteam.net/Advisories/Advisory-14.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-06 22:02
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as \"onmouseover\" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for \"\u003c\" and \"\u003e\" characters." } ], "id": "CVE-2006-0437", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-06T22:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18693" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://securityreason.com/achievement_securityalert/31" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/406" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22928" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securityreason.com/achievement_securityalert/31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] 
} ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php." } ], "id": "CVE-2004-1809", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107920498205324\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/11121" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4257" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4259" }, { "source": "cve@mitre.org", "url": "http://www.phpbb.com/support/documents.php?mode=changelog#206" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/9865" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/9866" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107920498205324\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/11121" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpbb.com/support/documents.php?mode=changelog#206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/9865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/9866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15464" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-14 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the \"Upload Avatar from a URL:\" field to reference the target file." 
} ], "id": "CVE-2005-0259", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-14T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14362/" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=204\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/774686" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14362/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=204\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/774686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.
References
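Impacted products
Note: the table lists 2.0.6c as impacted, but the CPE match in the record below is marked "vulnerable": false. Tooling that selects only "vulnerable": true matches would not flag this version; check the upstream NVD entry before relying on either value.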
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.6c |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter." } ], "id": "CVE-2004-2358", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/9896" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/9896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15579" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-27 01:19
Modified
2025-04-09 00:30
Severity ?
Summary
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, who state that the file checks for a global constant and cannot be accessed directly.
Note: the record below is tagged "disputed" yet still lists a CVSS v2 base score of 10.0 (HIGH); take the dispute into account when triaging on score alone.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly" }, { "lang": "es", "value": "** IMPUGNADA ** Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en includes/usercp_register.php de phpBB 2.0.19 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un URL en el par\u00e1metro phpbb_root_path. NOTA: este problema ha sido impugnado por investigadores de terceras partes, afirmando que el archivo busca una constante global y no puede ser accedido directamente." 
} ], "id": "CVE-2007-1695", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-27T01:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.
References
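Impacted products
Note: the CPE below names phpbb 1.0.1, but in the summary 1.0.1 is the version of the Topic Calendar module; the summary does not state an affected phpBB core version, so matching on this CPE alone may not identify installations that run the module.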
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4951A567-0C73-4C41-A694-B50293545936", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message." } ], "id": "CVE-2005-0871", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/14659" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013554" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/14659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013554" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19824" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=107530946123822&w=2 | ||
cve@mitre.org | http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/9290 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=107530946123822&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9290 | Exploit, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables." } ], "id": "CVE-2004-2130", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-23T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107530946123822\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107530946123822\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/bid/9290" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter." } ], "id": "CVE-2002-0473", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/82/262600" }, { "source": "cve@mitre.org", "url": 
"http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483" }, { "source": "cve@mitre.org", "url": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8476.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4268" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/82/262600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8476.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4380" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.16 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags." } ], "id": "CVE-2005-2161", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112059951605939\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-768" }, { "source": "cve@mitre.org", "url": "http://www.securitylab.ru/55612.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112059951605939\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitylab.ru/55612.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-02-28 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
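viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. Note that the impacted-products list for this record ends at 2.0.11 and omits 2.0.12, so CPE matching alone will not flag a 2.0.12 installation.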
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message." 
} ], "id": "CVE-2005-0603", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-02-28T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110943646112950\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://neossecurity.net/Advisories/Advisory-06.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14413" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110943646112950\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://neossecurity.net/Advisories/Advisory-06.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-10 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. The impacted-products list for this record names 2.0.x releases up to and including 2.0.19 (beta and release-candidate builds included), not only 2.0.19.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.19 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": 
"AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key (\"validation ID\") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts." } ], "id": "CVE-2006-0632", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-10T11:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18727" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22949" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424074/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0461" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424074/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24573" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-20 01:03
Modified
2025-04-03 01:03
Severity ?
Summary
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.18 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message." } ], "id": "CVE-2005-4358", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-20T01:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18125" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18252" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/achievement_securityalert/29" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/269" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21804" }, { "source": "cve@mitre.org", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=352966" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/achievement_securityalert/29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=352966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0010" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-20 01:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary JavaScript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.18 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when \"Allowed HTML tags\" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with \" (quote) characters and active attributes such as onmouseover." } ], "id": "CVE-2005-4357", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-20T01:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18125" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18252" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/achievement_securityalert/29" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securityreason.com/securityalert/269" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21803" }, { "source": "cve@mitre.org", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=352966" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113484567432679\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/achievement_securityalert/29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securityreason.com/securityalert/269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=352966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/420537/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0010" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": 
"639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message." } ], "id": "CVE-2005-0659", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110996579900134\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://neosecurityteam.net/Advisories/Advisory-09.txt" }, { "source": "cve@mitre.org", "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=9" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=110996579900134\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://neosecurityteam.net/Advisories/Advisory-09.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://neosecurityteam.tk/index.php?pagina=advisories\u0026id=9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013377" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-15 16:06
Modified
2025-04-03 01:03
Severity ?
Summary
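Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. (Note for triage: the affected file belongs to the Chart mod, while the impacted-products entry below is a wildcard over every phpBB version, so a CPE match alone does not show that the mod is installed.)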
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "101667DF-0B3E-49A1-A0C9-BDBEEC9F89CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection." } ], "id": "CVE-2006-2359", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-15T16:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17952" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26414" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
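Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. (Note for triage: 1.0.1 is the Topic Calendar module's version, and the single impacted-products entry below, phpbb 1.0.1, appears to carry that module version rather than a phpBB release; confirm whether the module is installed instead of relying on the CPE match.)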
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4951A567-0C73-4C41-A694-B50293545936", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter." } ], "id": "CVE-2005-0872", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/14659" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013554" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111168190630576\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://secunia.com/advisories/14659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013554" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19821" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-22 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type." } ], "id": "CVE-2005-3536", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-22T23:03:00.000", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/18098" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "security@debian.org", "url": "http://www.osvdb.org/22270" }, { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15246" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-11-12 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * | |
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.0.1 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "101667DF-0B3E-49A1-A0C9-BDBEEC9F89CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4951A567-0C73-4C41-A694-B50293545936", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": 
"AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm." } ], "id": "CVE-2004-1315", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-11-12T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110029415208724\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110365752909029\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?t=110079440800004\u0026r=1\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13239/" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/497400" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/385208" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/10701" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-356A.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18052" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/200411-32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110029415208724\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110365752909029\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?t=110079440800004\u0026r=1\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13239/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/497400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/385208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/10701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-356A.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/200411-32" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-20 23:07
Modified
2025-04-09 00:30
Severity ?
Summary
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "44059D10-0F41-4F22-B3FD-7DAF1D89CD72", "versionEndIncluding": "2.0.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use" }, { "lang": "es", "value": "** IMPUGNADA ** Vulnerabilidad PHP de inclusi\u00f3n remota de archivo en groupcp.php en phpBB 2.0.10 y anteriores permite a un atacante remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1meto phpbb_root_path. NOTA: el CVE y el fabricante niegan esta vulnerabilidad porque $phpbb_root_path se define antes de usarlo." 
} ], "id": "CVE-2006-5435", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-20T23:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-19 04:00
Modified
2025-04-03 01:03
Severity (NVD, CVSS v2.0): MEDIUM, base score 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
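phpBB 2.0.8a and earlier trusts the IP address supplied in the X-Forwarded-For HTTP header, which allows remote attackers to spoof IP addresses. The client controls this header unless a trusted reverse proxy overwrites it, so an address taken from it should not be relied on for access decisions or attribution.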
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], 
"cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses." } ], "id": "CVE-2004-1950", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108239864203144\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108241122908409\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11434" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10170" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108239864203144\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108241122908409\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/bid/10170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15909" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-05 19:03
Modified
2025-04-03 01:03
Severity (NVD, CVSS v2.0): MEDIUM, base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when \"Allowed HTML tags\" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with \u0027 (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en phpBB 2.0.19, cuando est\u00e1 habilitado \"etiquetas HTML permitidas\", permite a atacantes remotos inyectar \u0027scritp\u0027 web o HTML de su elecci\u00f3n mediante una etiqueta HTML permitida con caracteres \u0027 (comilla simple) y atributos activos como \"onmouseover\", una variante de CVE-2005-4357." 
} ], "id": "CVE-2006-0063", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-05T19:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securityreason.com/achievement_securityalert/30" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/313" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22672" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://securityreason.com/achievement_securityalert/30" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0051" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-27 00:03
Modified
2025-04-03 01:03
Severity (NVD, CVSS v2.0): MEDIUM, base score 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.19 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": 
"AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database." }, { "lang": "es", "value": "phpBB 2.0.19 y anteriores permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante (1) el registro de muchos usuarios mediante profile.php o (2) el uso uso de search.php para buscar de cierta manera que confunde a la base de datos." 
} ], "id": "CVE-2006-0450", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-27T00:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://h4cky0u.org/viewtopic.php?t=637" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/368" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423030/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h4cky0u.org/viewtopic.php?t=637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.h4cky0u.org/advisories/HYSA-2006-001-phpbb.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423030/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24327" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-20 10:02
Modified
2025-04-03 01:03
Severity (NVD, CVSS v2.0): MEDIUM, base score 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Summary
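Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. The CPE criterion in the record below is a wildcard with no version bound, so version-based matching flags every phpBB release; the references tagged "Patch" are the place to confirm which versions are fixed.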
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "101667DF-0B3E-49A1-A0C9-BDBEEC9F89CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability." } ], "id": "CVE-2006-1896", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-20T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20093" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20197" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/715" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/762" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2006/dsa-1066" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/431015/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431387/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2006/dsa-1066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431015/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431387/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25889" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-06 22:02
Modified
2025-04-03 01:03
Severity (NVD, CVSS v2.0): MEDIUM, base score 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) is enabled, allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. The record below classifies the weakness as NVD-CWE-Other, so a CWE-based filter for CSRF (CWE-352) will not surface this entry.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0.12 | |
phpbb_group | phpbb | 2.0.13 | |
phpbb_group | phpbb | 2.0.14 | |
phpbb_group | phpbb | 2.0.15 | |
phpbb_group | phpbb | 2.0.16 | |
phpbb_group | phpbb | 2.0.17 | |
phpbb_group | phpbb | 2.0.18 | |
phpbb_group | phpbb | 2.0.19 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": 
"AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php." } ], "id": "CVE-2006-0438", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-06T22:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18693" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securityreason.com/achievement_securityalert/31" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/406" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22929" }, { "source": 
"cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securityreason.com/achievement_securityalert/31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity (NVD, CVSS v2.0): HIGH, base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
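PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. The CPE list below names phpBB versions, while the description locates the flaw in the Cash Mod module, so a phpBB version match alone does not show that the vulnerable file is present.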
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | rc1 | |
phpbb_group | phpbb | rc1_pre | |
phpbb_group | phpbb | rc2 | |
phpbb_group | phpbb | rc3 | |
phpbb_group | phpbb | rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "3EB93717-8B41-4BE0-8DA9-B533F8E4EE6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:rc1_pre:*:*:*:*:*:*:*", "matchCriteriaId": "D341179B-3521-477C-8997-25575BB850D3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "696B979C-A50F-4602-97AA-413CFD1A2637", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "E1811B1F-60D5-4562-B69E-ADB4F60FB993", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "69A93C92-1705-4915-920E-3F816600E568", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code." } ], "id": "CVE-2004-1535", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110075903308817\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110082153702843\u0026w=2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110075903308817\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=110082153702843\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18151" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter." 
} ], "id": "CVE-2004-1943", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108244738102532\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10177" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108244738102532\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15916" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-14 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0.10 | |
phpbb_group | phpbb | 2.0.11 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via \"/../\" sequences in the avatarselect parameter." 
} ], "id": "CVE-2005-0258", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-14T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=205\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=205\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.phpbb.com/support/documents.php?mode=changelog" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-30 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request." }, { "lang": "es", "value": "usercp_avatar.php en PHPBB 2.0.20, cuando la subida de ficheros avatar est\u00e1 habilitada, permite a atacantes remotos usar el servidor como un proxy web enviando una URL al par\u00e1metro avatarurl, el cual es usado entonces en una petici\u00f3n HTTP GET." } ], "id": "CVE-2006-4450", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-30T01:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20093" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1470" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17965" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26537" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable." } ], "id": "CVE-2001-1482", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/219178" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3411" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/219178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7253" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-04 10:04
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ], "id": "CVE-2006-1603", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-04T10:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19494" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24353" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17355" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1191" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/ref/24/24353-phpbb.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://secunia.com/advisories/19494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25599" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-29 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.0.0 | |
phpbb_group | phpbb | 1.2.0 | |
phpbb_group | phpbb | 1.2.1 | |
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 | |
phpbb_group | phpbb | 1.4.2 | |
phpbb_group | phpbb | 1.4.4 | |
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E15A5879-39FE-4BFF-B391-52EAA58D1A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581594BF-92CE-4B16-95DC-200E11C64591", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFC1B3-8C7D-4B63-8E92-F1759EACA2BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B4E7219-C05D-4269-990B-4B523564BF71", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A729BD82-D5BA-4BF9-812C-ADACEF42F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter." 
} ], "id": "CVE-2003-1215", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107273069130885\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9314" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107273069130885\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=161943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14096" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phpBB 2.0.8 permite a atacantes remotos inyectar scritp web o HTML de su elecci\u00f3n mediante \r\n(1) el par\u00e1metro cat_title en index.php\r\n(2) el par\u00e1metro faq[0][0] en lang_faq.php, cuando se accede desde faq.php, o \r\n(3) el par\u00e1metro faq[0][0] en lang_bbcode cuando se accede desde faq.php." 
} ], "id": "CVE-2004-0730", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/10738" }, { "source": "cve@mitre.org", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16724" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16725" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108999024506020\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/10738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=34" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16726" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "101667DF-0B3E-49A1-A0C9-BDBEEC9F89CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php." } ], "id": "CVE-2005-1116", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111343406309969\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-26 01:02
Modified
2025-04-03 01:03
Severity ?
Summary
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.17 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB." } ], "id": "CVE-2005-3310", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-26T01:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0479.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113017003617987\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17295/" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18098" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15170" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0479.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113017003617987\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17295/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22837" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-08-03 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
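SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. NOTE: the CVSS v2 vector recorded for this entry (AV:L/AC:L/Au:N/C:P/I:P/A:P) describes local, unauthenticated access, which does not match the remote, authenticated attack described here; treat the 4.6 base score with caution when prioritising.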
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 1.4.0 | |
phpbb_group | phpbb | 1.4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3575646-AF8E-4D33-97DE-E6EA468D9973", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7717E4CC-C7D1-4DB3-8F15-A6DC3C957B34", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter." } ], "id": "CVE-2001-1472", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-08-03T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/314347" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/201715" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/3142" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/314347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://www.securityfocus.com/archive/1/201715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/3142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6944" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in search.php for phpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpbb_group | phpbb | 2.0.0 | |
phpbb_group | phpbb | 2.0.1 | |
phpbb_group | phpbb | 2.0.2 | |
phpbb_group | phpbb | 2.0.3 | |
phpbb_group | phpbb | 2.0.4 | |
phpbb_group | phpbb | 2.0.5 | |
phpbb_group | phpbb | 2.0.6 | |
phpbb_group | phpbb | 2.0.6c | |
phpbb_group | phpbb | 2.0.6d | |
phpbb_group | phpbb | 2.0.7 | |
phpbb_group | phpbb | 2.0.7a | |
phpbb_group | phpbb | 2.0.8 | |
phpbb_group | phpbb | 2.0.8a | |
phpbb_group | phpbb | 2.0.9 | |
phpbb_group | phpbb | 2.0_beta1 | |
phpbb_group | phpbb | 2.0_rc1 | |
phpbb_group | phpbb | 2.0_rc2 | |
phpbb_group | phpbb | 2.0_rc3 | |
phpbb_group | phpbb | 2.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter." 
} ], "id": "CVE-2004-2055", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-19T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/12114" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10753" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109034476122723\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/12114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16758" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }