Vulnerabilities > Phpbb Group > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-10 | CVE-2006-5209 | Remote Security vulnerability in phpBB PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
| 2006-09-14 | CVE-2006-4779 | Remote File Include vulnerability in Vitrax Premodded Functions_Portal.PHP PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
| 2006-07-31 | CVE-2006-3940 | SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M/1.3M Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. | 7.5 |
| 2006-05-15 | CVE-2006-2360 | Input Validation vulnerability in Chart Mod SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-05-03 | CVE-2006-2152 | Remote File Include vulnerability in Advanced GuestBook Addentry.PHP PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | 7.5 |
| 2006-05-03 | CVE-2006-2151 | Remote Security vulnerability in Phpbb Toplist PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | 7.5 |
| 2005-12-22 | CVE-2005-3536 | Multiple Unspecified vulnerability in PHPBB SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | 7.5 |
| 2005-11-01 | CVE-2005-3420 | Unspecified vulnerability in PHPbb Group PHPbb usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. | 7.5 |
| 2005-11-01 | CVE-2005-3419 | Unspecified vulnerability in PHPbb Group PHPbb SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. | 7.5 |
| 2005-11-01 | CVE-2005-3417 | Unspecified vulnerability in PHPbb Group PHPbb phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | 7.5 |