Phpbb : Security Vulnerabilities, CVEs, Published In 2009 CVSS score >= 3

CVE-2008-7143

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.
Max CVSS
6.8
EPSS Score
0.39%
Published
2009-09-01
Updated
2018-10-11

CVE-2008-6507

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum.
Max CVSS
5.0
EPSS Score
0.12%
Published
2009-03-23
Updated
2009-03-24

CVE-2008-6506

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.
Max CVSS
5.0
EPSS Score
0.30%
Published
2009-03-23
Updated
2017-08-17

CVE-2008-6314

SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-02-27
Updated
2017-09-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close