Vulnerabilities > Phpbb Group > Phpbb > 1.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-02 | CVE-2006-2134 | Remote File Include vulnerability in phpBB Knowledge Base Mod KB_constants.PHP PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 5.1 |
2005-05-02 | CVE-2005-0659 | Information Disclosure vulnerability in phpBB phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | 5.0 |
2005-05-02 | CVE-2005-0614 | Remote Security vulnerability in phpBB sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | 7.5 |
2004-12-31 | CVE-2004-2350 | SQL Injection vulnerability in PHPBB Search.PHP Search_Results Parameter SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. | 7.5 |
2004-11-12 | CVE-2004-1315 | Unspecified vulnerability in PHPbb Group PHPbb viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. | 7.5 |
2003-12-31 | CVE-2003-1373 | Path Traversal vulnerability in PHPbb Group PHPbb Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. | 6.8 |
2003-12-29 | CVE-2003-1215 | SQL Injection vulnerability in phpBB GroupCP.PHP SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | 4.6 |
2003-11-27 | CVE-2003-1216 | SQL Injection vulnerability in phpBB search.php SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | 7.5 |
2002-08-12 | CVE-2002-0533 | Unspecified vulnerability in PHPbb Group PHPbb phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | 5.0 |
2002-08-12 | CVE-2002-0475 | Unspecified vulnerability in PHPbb Group PHPbb Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | 5.1 |