CVE-2006-4450
- EPSS 4.01%
- Veröffentlicht 30.08.2006 01:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:07
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
CVE-2006-2865
- EPSS 2.82%
- Veröffentlicht 06.06.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:25:56
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in php...
CVE-2006-2360
- EPSS 1.12%
- Veröffentlicht 15.05.2006 16:06:00
- Zuletzt bearbeitet 16.06.2026 22:24:51
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2359
- EPSS 1%
- Veröffentlicht 15.05.2006 16:06:00
- Zuletzt bearbeitet 16.06.2026 22:24:50
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2134
- EPSS 9.5%
- Veröffentlicht 02.05.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:24:24
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
- EPSS 1.28%
- Veröffentlicht 20.04.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:53
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight func...
CVE-2006-1895
- EPSS 1.39%
- Veröffentlicht 20.04.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:53
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match...
CVE-2006-1775
- EPSS 1.2%
- Veröffentlicht 13.04.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:39
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) ad...
CVE-2006-1603
- EPSS 1.33%
- Veröffentlicht 04.04.2006 10:04:00
- Zuletzt bearbeitet 16.06.2026 22:23:16
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained sole...
CVE-2006-0632
- EPSS 2.5%
- Veröffentlicht 10.02.2006 11:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:58
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain ...