Vulnerabilities > Phpbb > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-17 | CVE-2018-19274 | Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. | 7.2 |
2010-05-19 | CVE-2010-1630 | Unspecified vulnerability in PHPbb Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." | 7.5 |
2009-02-27 | CVE-2008-6314 | SQL Injection vulnerability in PHPbb TAG Board SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | 7.5 |
2009-02-26 | CVE-2008-6301 | SQL Injection vulnerability in Prezmo Small Shoutbox 1.4 SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | 7.5 |
2008-03-31 | CVE-2008-1565 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-03-25 | CVE-2008-1512 | Path Traversal vulnerability in PHPbb Module XS 2.3.1/2.4.0 Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. | 7.5 |
2008-03-12 | CVE-2008-1305 | SQL Injection vulnerability in Chieminger Filebase Module 2.0 SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-12-04 | CVE-2007-6223 | SQL Injection vulnerability in PHPbb Garage 1.2.0Beta3 SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode. | 7.5 |
2007-10-29 | CVE-2007-5688 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. | 7.5 |
2007-09-19 | CVE-2007-4984 | SQL Injection vulnerability in Ktauber Stylesdemo 0.9.9 SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter. | 7.5 |