phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.
Max CVSS
6.8
EPSS Score
0.39%
Published
2009-09-01
Updated
2018-10-11
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.
Max CVSS
5.0
EPSS Score
0.30%
Published
2008-09-18
Updated
2017-08-08
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.
Max CVSS
5.0
EPSS Score
0.70%
Published
2002-12-31
Updated
2008-09-05
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
Max CVSS
5.0
EPSS Score
0.20%
Published
2002-12-31
Updated
2008-09-05
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!