Phpbb : Security Vulnerabilities, CVEs, CVSS score >= 8
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
Max CVSS
8.8
EPSS Score
0.55%
Published
2019-09-30
Updated
2019-11-21
Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."
Max CVSS
10.0
EPSS Score
0.27%
Published
2008-07-18
Updated
2017-08-08
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
Max CVSS
10.0
EPSS Score
0.27%
Published
2008-04-12
Updated
2017-08-08
PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Max CVSS
9.3
EPSS Score
8.85%
Published
2007-07-21
Updated
2017-09-29
PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235.
Max CVSS
10.0
EPSS Score
1.08%
Published
2007-03-21
Updated
2018-10-16
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
Max CVSS
10.0
EPSS Score
5.04%
Published
2007-03-07
Updated
2018-10-16
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
Max CVSS
8.8
EPSS Score
1.57%
Published
2001-07-31
Updated
2024-02-15
7 vulnerabilities found