Phpbb Group

Phpbb

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.37%
  • Veröffentlicht 01.11.2005 21:02:00
  • Zuletzt bearbeitet 16.06.2026 22:16:55

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] ...

  • EPSS 2.31%
  • Veröffentlicht 01.11.2005 21:02:00
  • Zuletzt bearbeitet 16.06.2026 22:16:55

phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings ...

  • EPSS 2.31%
  • Veröffentlicht 01.11.2005 21:02:00
  • Zuletzt bearbeitet 16.06.2026 22:16:55

phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.

  • EPSS 1.84%
  • Veröffentlicht 01.11.2005 21:02:00
  • Zuletzt bearbeitet 16.06.2026 22:16:55

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) lis...

  • EPSS 1.85%
  • Veröffentlicht 01.11.2005 21:02:00
  • Zuletzt bearbeitet 16.06.2026 22:16:55

SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.

Exploit
  • EPSS 1.17%
  • Veröffentlicht 26.10.2005 01:02:00
  • Zuletzt bearbeitet 16.06.2026 22:16:41

Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be execut...

  • EPSS 1.23%
  • Veröffentlicht 06.07.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:14:22

Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.

  • EPSS 85.37%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:14:12

PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.

  • EPSS 16.36%
  • Veröffentlicht 16.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:12:37

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) app...

  • EPSS 1.98%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:12:37

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.