Minibb : Security Vulnerabilities, CVEs, (File inclusion)
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
Max CVSS
7.5
EPSS Score
15.79%
Published
2007-04-26
Updated
2017-10-11
PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
Max CVSS
10.0
EPSS Score
15.33%
Published
2007-03-07
Updated
2017-10-19
PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.
Max CVSS
10.0
EPSS Score
3.11%
Published
2007-03-07
Updated
2018-10-16
Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin.
Max CVSS
7.5
EPSS Score
1.17%
Published
2006-11-03
Updated
2008-11-13
PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
Max CVSS
6.8
EPSS Score
16.83%
Published
2006-11-03
Updated
2017-10-19
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.
Max CVSS
7.5
EPSS Score
14.79%
Published
2006-08-01
Updated
2018-10-17
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
Max CVSS
7.5
EPSS Score
13.14%
Published
2006-07-21
Updated
2018-10-18
7 vulnerabilities found