Vulnerabilities > Minibb

DATE CVE VULNERABILITY TITLE RISK
2007-04-26 CVE-2007-2317 Remote File Include vulnerability in TOSMO/Mambo Absolute_Path
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php.
network
low complexity
minibb tosmo-mambo
7.5
2007-03-07 CVE-2006-7156 Remote File Include vulnerability in MiniBB Keyword Replacer Plugin
PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
network
low complexity
minibb
critical
10.0
2007-03-07 CVE-2006-7153 Remote Security vulnerability in Minibb Forum 2
PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.
network
low complexity
minibb
critical
10.0
2006-11-03 CVE-2006-5674 Remote Security vulnerability in MiniBB
Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin.
network
low complexity
minibb
7.5
2006-11-03 CVE-2006-5673 Remote File Include vulnerability in MiniBB
PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
network
minibb
6.8
2006-08-01 CVE-2006-3955 Remote File Include vulnerability in Minibb 1.5A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.
network
low complexity
minibb
7.5
2006-07-21 CVE-2006-3690 Remote File Include vulnerability in Minibb Forum 1.5A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
network
low complexity
minibb
7.5
2004-12-31 CVE-2004-2456 Remote SQL Injection vulnerability in MiniBB
SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.
network
low complexity
minibb
7.5