Vulnerabilities > Phpbb Group

DATE CVE VULNERABILITY TITLE RISK
2006-09-13 CVE-2006-4758 Unspecified vulnerability in PHPbb Group PHPbb 2.0.21
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
network | high complexity | phpbb-group | 4.6
2006-08-30 CVE-2006-4450 Unspecified vulnerability in PHPbb Group PHPbb 2.0.20
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
network | high complexity | phpbb-group | 5.1
2006-07-31 CVE-2006-3940 SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M/1.3M
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php.
network | low complexity | phpbb-group | 7.5
2006-05-15 CVE-2006-2360 Input Validation vulnerability in Chart Mod
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | phpbb-group | 7.5
2006-05-15 CVE-2006-2359 Input Validation vulnerability in Chart Mod
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network | phpbb-group | 4.3
2006-05-09 CVE-2006-2245 Code Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M/1.3M
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
6.8
2006-05-03 CVE-2006-2152 Remote File Include vulnerability in Advanced GuestBook Addentry.PHP
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
network | low complexity | phpbb-group | 7.5
2006-05-03 CVE-2006-2151 Remote Security vulnerability in Phpbb Toplist
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
network | low complexity | phpbb-group | 7.5
2006-05-03 CVE-2006-2150 Remote Security vulnerability in PHPbb Group PHPbb Toplist 1.3.8
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
network | low complexity | phpbb-group | 6.4
2006-05-02 CVE-2006-2134 Remote File Include vulnerability in phpBB Knowledge Base Mod KB_constants.PHP
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
network | high complexity | phpbb-group | 5.1