Vulnerabilities > Minibb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-26 | CVE-2007-2317 | Remote File Include vulnerability in TOSMO/Mambo Absolute_Path Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. | 7.5 |
| 2007-03-07 | CVE-2006-7156 | Remote File Include vulnerability in MiniBB Keyword Replacer Plugin PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | 10.0 |
| 2007-03-07 | CVE-2006-7153 | Remote Security vulnerability in Minibb Forum 2 PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter. | 10.0 |
| 2006-11-03 | CVE-2006-5674 | Remote Security vulnerability in MiniBB Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin. | 7.5 |
| 2006-11-03 | CVE-2006-5673 | Remote File Include vulnerability in MiniBB PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. network minibb | 6.8 |
| 2006-08-01 | CVE-2006-3955 | Remote File Include vulnerability in Minibb 1.5A Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. | 7.5 |
| 2006-07-21 | CVE-2006-3690 | Remote File Include vulnerability in Minibb Forum 1.5A Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php. | 7.5 |
| 2004-12-31 | CVE-2004-2456 | Remote SQL Injection vulnerability in MiniBB SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action. | 7.5 |