Vulnerabilities > Ultimate PHP Board
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-16 | CVE-2005-1614 | Cross-Site Scripting vulnerability in Ultimate PHP Board Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter. network ultimate-php-board | 6.8 |
| 2002-12-31 | CVE-2002-2322 | Improper Input Validation vulnerability in Ultimate PHP Board Ultimate PHP Board 1.0Beta Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | 5.0 |
| 2002-12-31 | CVE-2002-2276 | Information Exposure vulnerability in Ultimate PHP Board Ultimate PHP Board 1.0 Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | 5.0 |
| 2002-12-31 | CVE-2002-1821 | Unspecified vulnerability in Ultimate PHP Board Ultimate PHP Board 1.0/1.0Beta Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php. | 4.6 |