Vulnerabilities > Phpbb Group > Phpbb > 2.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-29 | CVE-2003-1215 | SQL Injection vulnerability in phpBB GroupCP.PHP SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | 4.6 |
| 2003-11-27 | CVE-2003-1216 | SQL Injection vulnerability in phpBB search.php SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | 7.5 |
| 2003-03-31 | CVE-2002-1537 | Unspecified vulnerability in PHPbb Group PHPbb 2.0.0 admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u". | 10.0 |
| 2002-12-31 | CVE-2002-2176 | Remote SQL Injection vulnerability in phpBB2 Gender Mod SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | 10.0 |
| 2002-12-31 | CVE-2002-1707 | Remote File Include vulnerability in PHPBB2 Install.PHP install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | 5.0 |
| 2002-10-04 | CVE-2002-0902 | HTML Injection vulnerability in PHPBB2 Image Tag Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | 7.5 |