Phpbb

Phpbb

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2010-1630

  • EPSS 0.46%
  • Veröffentlicht 19.05.2010 22:30:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."

4.3

CVE-2010-1627

  • EPSS 0.14%
  • Veröffentlicht 19.05.2010 22:30:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.

6.8

CVE-2008-7143

  • EPSS 0.43%
  • Veröffentlicht 01.09.2009 16:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might ...

5

CVE-2008-6507

  • EPSS 0.38%
  • Veröffentlicht 23.03.2009 16:30:01
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum.

5

CVE-2008-6506

  • EPSS 0.54%
  • Veröffentlicht 23.03.2009 16:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.

5

CVE-2008-4125

  • EPSS 0.22%
  • Veröffentlicht 18.09.2008 17:59:33
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vu...

10

CVE-2008-3224

  • EPSS 0.32%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."

10

CVE-2008-1766

  • EPSS 0.32%
  • Veröffentlicht 12.04.2008 20:05:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."

4.3

CVE-2008-0471

  • EPSS 0.26%
  • Veröffentlicht 29.01.2008 20:00:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

7.5

CVE-2007-5688

Exploit
  • EPSS 0.43%
  • Veröffentlicht 29.10.2007 19:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2)...