Usebb : Security Vulnerabilities, CVEs, CVSS score >= 9
panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-01-27
Updated
2021-07-21
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.
Max CVSS
9.0
EPSS Score
2.00%
Published
2020-01-22
Updated
2020-01-29
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
Max CVSS
9.3
EPSS Score
0.69%
Published
2007-07-25
Updated
2018-10-15
3 vulnerabilities found