Ultimate Php Board

Ultimate Php Board

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-61540

  • EPSS 0.27%
  • Veröffentlicht 16.10.2025 00:00:00
  • Zuletzt bearbeitet 21.10.2025 12:12:14

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.

6.1

CVE-2025-61539

  • EPSS 0.25%
  • Veröffentlicht 16.10.2025 00:00:00
  • Zuletzt bearbeitet 21.10.2025 12:12:05

Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.

6.8

CVE-2006-7169

  • EPSS 5.06%
  • Veröffentlicht 20.03.2007 10:19:00
  • Zuletzt bearbeitet 16.06.2026 22:34:30

PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.

7.5

CVE-2006-6790

  • EPSS 2.22%
  • Veröffentlicht 28.12.2006 00:28:00
  • Zuletzt bearbeitet 16.06.2026 22:33:48

Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.

10

CVE-2006-3203

Exploit
  • EPSS 2.68%
  • Veröffentlicht 24.06.2006 01:06:00
  • Zuletzt bearbeitet 16.06.2026 22:26:37

The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.

6.5

CVE-2006-3208

Exploit
  • EPSS 1.33%
  • Veröffentlicht 24.06.2006 01:06:00
  • Zuletzt bearbeitet 16.06.2026 22:26:37

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_c...

5

CVE-2006-3207

  • EPSS 1.26%
  • Veröffentlicht 24.06.2006 01:06:00
  • Zuletzt bearbeitet 16.06.2026 22:26:37

Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injec...

5

CVE-2006-3206

  • EPSS 1.02%
  • Veröffentlicht 24.06.2006 01:06:00
  • Zuletzt bearbeitet 16.06.2026 22:26:37

register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.

5

CVE-2006-3205

  • EPSS 1.35%
  • Veröffentlicht 24.06.2006 01:06:00
  • Zuletzt bearbeitet 16.06.2026 22:26:37

Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.

5

CVE-2006-3204

Exploit
  • EPSS 1.81%
  • Veröffentlicht 24.06.2006 01:06:00
  • Zuletzt bearbeitet 16.06.2026 22:26:37

Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext...