Vulnerabilities > Minibb > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-07-31 | CVE-2013-5020 | Cross-Site Scripting vulnerability in Minibb Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. | 4.3 |
2008-05-02 | CVE-2008-2066 | Cross-Site Scripting vulnerability in Minibb 2.2A Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. | 4.3 |
2008-04-30 | CVE-2008-2029 | SQL Injection vulnerability in Minibb Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php. | 6.8 |
2008-04-30 | CVE-2008-2028 | Information Exposure vulnerability in Minibb miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message. | 4.3 |
2008-04-30 | CVE-2008-2024 | Cross-Site Scripting vulnerability in Minibb Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action. | 4.3 |
2006-11-03 | CVE-2006-5673 | Remote File Include vulnerability in MiniBB PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. network minibb | 6.8 |