Vulnerabilities > Phpbb Group

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1894 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.3
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
network
phpbb-group
4.3
2002-12-31 CVE-2002-1707 Remote File Include vulnerability in PHPBB2 Install.PHP
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
network
low complexity
phpbb-group
5.0
2002-10-04 CVE-2002-0902 HTML Injection vulnerability in PHPBB2 Image Tag
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
network
low complexity
phpbb-group
7.5
2002-08-12 CVE-2002-0533 Unspecified vulnerability in PHPbb Group PHPbb
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
network
low complexity
phpbb-group
5.0
2002-08-12 CVE-2002-0475 Unspecified vulnerability in PHPbb Group PHPbb
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
network
high complexity
phpbb-group
5.1
2002-08-12 CVE-2002-0473 Remote File Include vulnerability in PHPBB2 'phpbb_root_path'
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
network
low complexity
phpbb-group
critical
10.0
2001-12-31 CVE-2001-1482 Remote SQL Query Manipulation vulnerability in PHPbb Group PHPbb 1.4.2
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
network
low complexity
phpbb-group
7.5
2001-08-03 CVE-2001-1472 Remote SQL Query Manipulation vulnerability in PHPbb Group PHPbb 1.4.0/1.4.1
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
local
low complexity
phpbb-group
4.6