panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-01-27
Updated
2021-07-21
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
Max CVSS
8.8
EPSS Score
0.44%
Published
2020-01-22
Updated
2020-01-24
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.
Max CVSS
9.0
EPSS Score
2.00%
Published
2020-01-22
Updated
2020-01-29
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
Max CVSS
9.3
EPSS Score
0.69%
Published
2007-07-25
Updated
2018-10-15
SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module.
Max CVSS
6.4
EPSS Score
0.70%
Published
2006-05-22
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format.
Max CVSS
6.8
EPSS Score
1.94%
Published
2006-05-22
Updated
2017-07-20
SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.
Max CVSS
7.5
EPSS Score
0.65%
Published
2005-08-03
Updated
2017-07-11
7 vulnerabilities found