Phpbb Group : Security Vulnerabilities, CVEs, Published In 2003
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
Max CVSS
10.0
EPSS Score
0.21%
Published
2003-03-31
Updated
2008-09-05
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
Max CVSS
7.5
EPSS Score
2.00%
Published
2003-11-27
Updated
2017-07-11
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2003-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
Max CVSS
6.8
EPSS Score
0.36%
Published
2003-08-07
Updated
2016-10-18
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
Max CVSS
6.8
EPSS Score
0.61%
Published
2003-12-31
Updated
2017-07-29
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
Max CVSS
5.0
EPSS Score
0.35%
Published
2003-08-07
Updated
2017-07-11
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
Max CVSS
4.6
EPSS Score
0.06%
Published
2003-12-29
Updated
2017-07-11
7 vulnerabilities found