Vulnerabilities > Phpbb Group
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-1894 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.3 Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. network phpbb-group | 4.3 |
2002-12-31 | CVE-2002-1707 | Remote File Include vulnerability in PHPBB2 Install.PHP install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | 5.0 |
2002-10-04 | CVE-2002-0902 | HTML Injection vulnerability in PHPBB2 Image Tag Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | 7.5 |
2002-08-12 | CVE-2002-0533 | Unspecified vulnerability in PHPbb Group PHPbb phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | 5.0 |
2002-08-12 | CVE-2002-0475 | Unspecified vulnerability in PHPbb Group PHPbb Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | 5.1 |
2002-08-12 | CVE-2002-0473 | Remote File Include vulnerability in PHPBB2 'phpbb_root_path' db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. | 10.0 |
2001-12-31 | CVE-2001-1482 | Remote SQL Query Manipulation vulnerability in PHPbb Group PHPbb 1.4.2 SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. | 7.5 |
2001-08-03 | CVE-2001-1472 | Remote SQL Query Manipulation vulnerability in PHPbb Group PHPbb 1.4.0/1.4.1 SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | 4.6 |