The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.
Max CVSS
5.0
EPSS Score
0.30%
Published
2008-09-18
Updated
2017-08-08
Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."
Max CVSS
10.0
EPSS Score
0.27%
Published
2008-07-18
Updated
2017-08-08
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
Max CVSS
10.0
EPSS Score
0.27%
Published
2008-04-12
Updated
2017-08-08
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.
Max CVSS
4.3
EPSS Score
0.23%
Published
2008-01-29
Updated
2018-10-15
4 vulnerabilities found