Vulnerabilities > Phpbb Group > Phpbb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-29 | CVE-2003-1215 | SQL Injection vulnerability in phpBB GroupCP.PHP SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | 4.6 |
| 2003-08-07 | CVE-2003-0486 | SQL Injection vulnerability in phpBB Viewtopic.PHP SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | 5.0 |
| 2003-08-07 | CVE-2003-0484 | Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. network phpbb-group | 6.8 |
| 2002-12-31 | CVE-2002-1894 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.3 Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. network phpbb-group | 4.3 |
| 2002-12-31 | CVE-2002-1707 | Remote File Include vulnerability in PHPBB2 Install.PHP install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | 5.0 |
| 2002-08-12 | CVE-2002-0533 | Unspecified vulnerability in PHPbb Group PHPbb phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | 5.0 |
| 2002-08-12 | CVE-2002-0475 | Unspecified vulnerability in PHPbb Group PHPbb Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | 5.1 |
| 2001-08-03 | CVE-2001-1472 | Remote SQL Query Manipulation vulnerability in PHPbb Group PHPbb 1.4.0/1.4.1 SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | 4.6 |