Vulnerabilities > Phpbb Group > Phpbb > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-10-10 | CVE-2006-5209 | Remote Security vulnerability in phpBB | PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | network / low complexity / phpbb-group / 7.5 |
| 2006-05-15 | CVE-2006-2360 | Input Validation vulnerability in Chart Mod | SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | network / low complexity / phpbb-group / 7.5 |
| 2005-12-22 | CVE-2005-3536 | Multiple Unspecified vulnerability in PHPBB | SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | network / low complexity / phpbb-group / 7.5 |
| 2005-11-01 | CVE-2005-3420 | Unspecified vulnerability in PHPbb Group PHPbb | usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. | network / low complexity / phpbb-group / 7.5 |
| 2005-11-01 | CVE-2005-3419 | Unspecified vulnerability in PHPbb Group PHPbb | SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. | network / low complexity / phpbb-group / 7.5 |
| 2005-11-01 | CVE-2005-3417 | Unspecified vulnerability in PHPbb Group PHPbb | phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | network / low complexity / phpbb-group / 7.5 |
| 2005-11-01 | CVE-2005-3416 | Unspecified vulnerability in PHPbb Group PHPbb | phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. | network / low complexity / phpbb-group / 7.5 |
| 2005-11-01 | CVE-2005-3415 | Unspecified vulnerability in PHPbb Group PHPbb | phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable. | network / low complexity / phpbb-group / 7.5 |
| 2005-07-05 | CVE-2005-2086 | Remote Security vulnerability in PHPbb Group PHPbb 2.0.15 | PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | network / low complexity / phpbb-group / 7.5 |
| 2005-05-16 | CVE-2005-1193 | Unspecified vulnerability in PHPbb Group PHPbb | The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. | network / low complexity / phpbb-group / 7.5 |