Vulnerabilities > Phpbb > Phpbb > 3.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-5917 | Cross-site Scripting vulnerability in PHPbb A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. | 6.1 |
| 2020-08-17 | CVE-2020-8226 | Server-Side Request Forgery (SSRF) vulnerability in PHPbb A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. | 5.0 |
| 2019-11-14 | CVE-2011-0544 | Cross-site Scripting vulnerability in multiple products phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | 4.3 |
| 2019-09-30 | CVE-2019-16993 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. | 6.8 |
| 2019-05-05 | CVE-2019-11767 | Server-Side Request Forgery (SSRF) vulnerability in PHPbb Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function. | 5.0 |
| 2019-05-02 | CVE-2019-9826 | Improper Input Validation vulnerability in PHPbb The fulltext search component in phpBB before 3.2.6 allows Denial of Service. | 5.0 |
| 2018-11-17 | CVE-2018-19274 | Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. | 7.2 |
| 2015-02-10 | CVE-2015-1432 | Cross-Site Request Forgery (CSRF) vulnerability in PHPbb The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors. | 6.8 |
| 2015-02-10 | CVE-2015-1431 | Cross-site Scripting vulnerability in PHPbb Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite." | 4.3 |
| 2010-05-19 | CVE-2010-1630 | Unspecified vulnerability in PHPbb Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." | 7.5 |