Vulnerabilities > Minibb > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-31 | CVE-2014-9254 | SQL Injection vulnerability in Minibb 3.1 bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php. | 7.5 |
| 2008-05-02 | CVE-2008-2067 | SQL Injection vulnerability in Minibb 2.2A SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. | 7.5 |
| 2007-10-30 | CVE-2007-5719 | SQL Injection vulnerability in Minibb 2.1 SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php. | 7.5 |
| 2007-06-19 | CVE-2007-3272 | Local File Include vulnerability in Minibb 2.0.5 Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. | 7.8 |
| 2007-04-26 | CVE-2007-2317 | Remote File Include vulnerability in TOSMO/Mambo Absolute_Path Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. | 7.5 |
| 2006-11-03 | CVE-2006-5674 | Remote Security vulnerability in MiniBB Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin. | 7.5 |
| 2006-08-01 | CVE-2006-3955 | Remote File Include vulnerability in Minibb 1.5A Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. | 7.5 |
| 2006-07-21 | CVE-2006-3690 | Remote File Include vulnerability in Minibb Forum 1.5A Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php. | 7.5 |
| 2004-12-31 | CVE-2004-2456 | Remote SQL Injection vulnerability in MiniBB SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action. | 7.5 |