Every CVE whose affected-product data names Phpbb Group Phpbb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (81)
CVE-2006-6840 — CVSS 10.0 (critical): Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
CVE-2006-6839 — CVSS 10.0 (critical): Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection…
CVE-2002-2176 — CVSS 10.0 (critical): SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the…
CVE-2007-1695 — CVSS 10.0 (critical): PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP…
CVE-2006-6841 — CVSS 10.0 (critical): Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
CVE-2002-0473 — CVSS 10.0 (critical): db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the…
CVE-2002-1537 — CVSS 10.0 (critical): admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed…
CVE-2006-2865 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the…
CVE-2001-1482 — CVSS 7.5 (high): SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby…
CVE-2002-0902 — CVSS 7.5 (high): Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including…
CVE-2003-1216 — CVSS 7.5 (high): SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges…
CVE-2003-1244 — CVSS 7.5 (high): SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and…
CVE-2004-1315 — CVSS 7.5 (high): viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight…
CVE-2004-1535 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary…
CVE-2004-1943 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary…
CVE-2004-2350 — CVSS 7.5 (high): SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges…
CVE-2005-0614 — CVSS 7.5 (high): sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
CVE-2005-1047 — CVSS 7.5 (high): Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote…
CVE-2005-1114 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL…
CVE-2005-1193 — CVSS 7.5 (high): The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and…
CVE-2005-1196 — CVSS 7.5 (high): SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and…
CVE-2005-2086 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
CVE-2005-3415 — CVSS 7.5 (high): phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a…
CVE-2005-3416 — CVSS 7.5 (high): phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows…
CVE-2005-3417 — CVSS 7.5 (high): phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and…
CVE-2005-3419 — CVSS 7.5 (high): SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2005-3420 — CVSS 7.5 (high): usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid…
CVE-2005-3536 — CVSS 7.5 (high): SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.
CVE-2006-2360 — CVSS 7.5 (high): SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id…
CVE-2006-5209 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used…
CVE-2006-5435 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code…
CVE-2003-1373 — CVSS 6.8 (medium): Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via…
CVE-2004-0730 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1)…
CVE-2004-0339 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute…
CVE-2003-0484 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id…
CVE-2006-1895 — CVSS 6.5 (medium): Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute…
CVE-2006-0632 — CVSS 6.4 (medium): The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation…
CVE-2005-0259 — CVSS 6.4 (medium): phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by…
CVE-2006-1896 — CVSS 6.0 (medium): Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via…
CVE-2006-6508 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an…
CVE-2006-6421 — CVSS 6.0 (medium): Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated…
CVE-2002-0475 — CVSS 5.1 (medium): Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by…
CVE-2006-2134 — CVSS 5.1 (medium): PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote…
CVE-2006-4450 — CVSS 5.1 (medium): usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting…
CVE-2005-0603 — CVSS 5.0 (medium): viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing…
CVE-2005-0659 — CVSS 5.0 (medium): phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path…
CVE-2005-0871 — CVSS 5.0 (medium): calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain…
CVE-2006-2219 — CVSS 5.0 (medium): phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote…
CVE-2002-1707 — CVSS 5.0 (medium): install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to…
CVE-2002-0533 — CVSS 5.0 (medium): phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via…
CVE-2005-3537 — CVSS 5.0 (medium): A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by…
CVE-2005-3799 — CVSS 5.0 (medium): phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals…
CVE-2005-4358 — CVSS 5.0 (medium): admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty…
CVE-2006-0438 — CVSS 5.0 (medium): Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote…
CVE-2003-0486 — CVSS 5.0 (medium): SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id…
CVE-2006-0450 — CVSS 5.0 (medium): phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through…
CVE-2004-0729 — CVSS 5.0 (medium): PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq…
CVE-2004-1950 — CVSS 5.0 (medium): phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP…
CVE-2004-2054 — CVSS 5.0 (medium): CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected…
CVE-2005-0258 — CVSS 5.0 (medium): Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with…
CVE-2001-1472 — CVSS 4.6 (medium): SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and…
CVE-2003-1215 — CVSS 4.6 (medium): SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the…
CVE-2006-4758 — CVSS 4.6 (medium): phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary…
CVE-2005-2161 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url]…
CVE-2005-1290 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2006-2359 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or…
CVE-2005-1116 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via…
CVE-2006-1603 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2006-1775 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-3418 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2002-1894 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2004-1809 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-1115 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web…
CVE-2005-0872 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to…
CVE-2004-2055 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web…
CVE-2004-2130 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or…
CVE-2006-0063 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary…
CVE-2006-0437 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or…
CVE-2005-0673 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or…
CVE-2005-3310 — CVSS 3.5 (low): Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject…
CVE-2005-4357 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary…