245 vulnerabilities found for phpbb by phpbb_group
CVE-2003-1373 (GCVE-0-2003-1373)
Vulnerability from cvelistv5 – Published: 2007-10-17 01:00 – Updated: 2024-08-08 02:28
Summary
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6889"
},
{
"name": "20030220 phpBB Security Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html"
},
{
"name": "phpbb-auth-read-files(11407)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6889"
},
{
"name": "20030220 phpBB Security Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html"
},
{
"name": "phpbb-auth-read-files(11407)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6889"
},
{
"name": "20030220 phpBB Security Bugs",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html"
},
{
"name": "phpbb-auth-read-files(11407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1373",
"datePublished": "2007-10-17T01:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1695 (GCVE-0-2007-1695)
Vulnerability from cvelistv5 – Published: 2007-03-27 01:00 – Updated: 2024-08-07 13:06 – Disputed
Summary
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, who state that the file checks for a global constant and cannot be accessed directly.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
},
{
"name": "20070324 Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
},
{
"name": "20070324 Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
},
{
"name": "20070324 Remote File Include In phpBB-2.0.19",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1695",
"datePublished": "2007-03-27T01:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2219 (GCVE-0-2006-2219)
Vulnerability from cvelistv5 – Published: 2007-02-08 17:00 – Updated: 2024-08-07 17:43
Summary
phpBB 2.0.20 does not verify the types of user-specified input variables before they are passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by (1) the mode parameter to memberlist.php and (2) the highlight parameter to viewtopic.php, which are used as arguments to the htmlspecialchars or urlencode functions; the resulting error message displays the installation path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-multiple-path-disclosure(26306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"name": "837",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/837"
},
{
"name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-multiple-path-disclosure(26306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"name": "837",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/837"
},
{
"name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-multiple-path-disclosure(26306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"name": "837",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/837"
},
{
"name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2219",
"datePublished": "2007-02-08T17:00:00",
"dateReserved": "2006-05-05T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6839 (GCVE-0-2006-6839)
Vulnerability from cvelistv5 – Published: 2007-01-03 02:00 – Updated: 2024-08-07 20:42
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6839",
"datePublished": "2007-01-03T02:00:00",
"dateReserved": "2007-01-02T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6840 (GCVE-0-2006-6840)
Vulnerability from cvelistv5 – Published: 2007-01-03 02:00 – Updated: 2024-08-07 20:42
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6840",
"datePublished": "2007-01-03T02:00:00",
"dateReserved": "2007-01-02T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6841 (GCVE-0-2006-6841)
Vulnerability from cvelistv5 – Published: 2007-01-03 02:00 – Updated: 2024-08-07 20:42
Summary
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6841",
"datePublished": "2007-01-03T02:00:00",
"dateReserved": "2007-01-02T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6508 (GCVE-0-2006-6508)
Vulnerability from cvelistv5 – Published: 2006-12-14 00:00 – Updated: 2024-08-07 20:26
Summary
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-message-csrf(30786)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-message-csrf(30786)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23283"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-message-csrf(30786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"name": "23283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23283"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6508",
"datePublished": "2006-12-14T00:00:00",
"dateReserved": "2006-12-13T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6421 (GCVE-0-2006-6421)
Vulnerability from cvelistv5 – Published: 2006-12-10 11:00 – Updated: 2024-08-07 20:26
Summary
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-privmsgphp-xss(30776)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
},
{
"name": "20070111 phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "20070111 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"name": "22001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22001"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "20070112 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"name": "20061207 phpbb 2.0.x [xss]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23283"
},
{
"name": "2005",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-privmsgphp-xss(30776)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
},
{
"name": "20070111 phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "20070111 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"name": "22001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22001"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "20070112 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"name": "20061207 phpbb 2.0.x [xss]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23283"
},
{
"name": "2005",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-privmsgphp-xss(30776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
},
{
"name": "20070111 phpBB (privmsg.php) XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "20070111 Re: phpBB (privmsg.php) XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"name": "22001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22001"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "20070112 Re: phpBB (privmsg.php) XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"name": "20061207 phpbb 2.0.x [xss]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"name": "23283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23283"
},
{
"name": "2005",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6421",
"datePublished": "2006-12-10T11:00:00",
"dateReserved": "2006-12-09T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5435 (GCVE-0-2006-5435)
Vulnerability from cvelistv5 – Published: 2006-10-20 23:00 – Updated: 2024-08-07 19:48 – Disputed
Summary
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
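| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/449114/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/449232/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |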
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5435",
"datePublished": "2006-10-20T23:00:00",
"dateReserved": "2006-10-20T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5209 (GCVE-0-2006-5209)
Vulnerability from cvelistv5 – Published: 2006-10-09 19:00 – Updated: 2024-08-07 19:41
Summary
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
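| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29345 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/2475/ | exploit, x_refsource_EXPLOIT-DB |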
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-setmodules-file-include(29345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"name": "2475",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2475/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-setmodules-file-include(29345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"name": "2475",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2475/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-setmodules-file-include(29345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"name": "2475",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2475/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5209",
"datePublished": "2006-10-09T19:00:00",
"dateReserved": "2006-10-09T00:00:00",
"dateUpdated": "2024-08-07T19:41:04.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1373 (GCVE-0-2003-1373)
Vulnerability from nvd – Published: 2007-10-17 01:00 – Updated: 2024-08-08 02:28
Summary
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
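| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/6889 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11407 | vdb-entry, x_refsource_XF |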
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6889"
},
{
"name": "20030220 phpBB Security Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html"
},
{
"name": "phpbb-auth-read-files(11407)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6889"
},
{
"name": "20030220 phpBB Security Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html"
},
{
"name": "phpbb-auth-read-files(11407)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6889"
},
{
"name": "20030220 phpBB Security Bugs",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html"
},
{
"name": "phpbb-auth-read-files(11407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1373",
"datePublished": "2007-10-17T01:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1695 (GCVE-0-2007-1695)
Vulnerability from nvd – Published: 2007-03-27 01:00 – Updated: 2024-08-07 13:06 – Disputed
Summary
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
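| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/463817/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/463718/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |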
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
},
{
"name": "20070324 Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
},
{
"name": "20070324 Remote File Include In phpBB-2.0.19",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
},
{
"name": "20070324 Remote File Include In phpBB-2.0.19",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1695",
"datePublished": "2007-03-27T01:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2219 (GCVE-0-2006-2219)
Vulnerability from nvd – Published: 2007-02-08 17:00 – Updated: 2024-08-07 17:43
Summary
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
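| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26306 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=114695651425026&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=full-disclosure&m=114685931319903&w=2 | mailing-list, x_refsource_FULLDISC |
| http://securityreason.com/securityalert/837 | third-party-advisory, x_refsource_SREASON |
| http://marc.info/?l=bugtraq&m=114731067321710&w=2 | mailing-list, x_refsource_BUGTRAQ |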
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-multiple-path-disclosure(26306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"name": "837",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/837"
},
{
"name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-multiple-path-disclosure(26306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"name": "837",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/837"
},
{
"name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-multiple-path-disclosure(26306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"name": "20060505 phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"name": "837",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/837"
},
{
"name": "20060508 Re: phpBB 2.0.20 Full Path Disclosure and SQL Errors",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2219",
"datePublished": "2007-02-08T17:00:00",
"dateReserved": "2006-05-05T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6839 (GCVE-0-2006-6839)
Vulnerability from nvd – Published: 2007-01-03 02:00 – Updated: 2024-08-07 20:42
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
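| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980 | x_refsource_CONFIRM |
| http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 | x_refsource_CONFIRM |
| http://secunia.com/advisories/28871 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21806 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2008/dsa-1488 | vendor-advisory, x_refsource_DEBIAN |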
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6839",
"datePublished": "2007-01-03T02:00:00",
"dateReserved": "2007-01-02T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6840 (GCVE-0-2006-6840)
Vulnerability from nvd – Published: 2007-01-03 02:00 – Updated: 2024-08-07 20:42
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6840",
"datePublished": "2007-01-03T02:00:00",
"dateReserved": "2007-01-02T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6841 (GCVE-0-2006-6841)
Vulnerability from nvd – Published: 2007-01-03 02:00 – Updated: 2024-08-07 20:42
Summary
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6841",
"datePublished": "2007-01-03T02:00:00",
"dateReserved": "2007-01-02T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6508 (GCVE-0-2006-6508)
Vulnerability from nvd – Published: 2006-12-14 00:00 – Updated: 2024-08-07 20:26
Summary
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-message-csrf(30786)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-message-csrf(30786)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
},
{
"name": "28871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28871"
},
{
"name": "DSA-1488",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23283"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-message-csrf(30786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
},
{
"name": "28871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28871"
},
{
"name": "DSA-1488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"name": "23283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23283"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6508",
"datePublished": "2006-12-14T00:00:00",
"dateReserved": "2006-12-13T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6421 (GCVE-0-2006-6421)
Vulnerability from nvd – Published: 2006-12-10 11:00 – Updated: 2024-08-07 20:26
Summary
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-privmsgphp-xss(30776)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
},
{
"name": "20070111 phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "20070111 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"name": "22001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22001"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "20070112 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"name": "20061207 phpbb 2.0.x [xss]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23283"
},
{
"name": "2005",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-privmsgphp-xss(30776)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
},
{
"name": "20070111 phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "20070111 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"name": "22001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22001"
},
{
"name": "21806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "20070112 Re: phpBB (privmsg.php) XSS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"name": "20061207 phpbb 2.0.x [xss]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"name": "23283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23283"
},
{
"name": "2005",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-privmsgphp-xss(30776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
},
{
"name": "20070111 phpBB (privmsg.php) XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"name": "20070111 Re: phpBB (privmsg.php) XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"name": "22001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22001"
},
{
"name": "21806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"name": "20070112 Re: phpBB (privmsg.php) XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"name": "20061207 phpbb 2.0.x [xss]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"name": "23283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23283"
},
{
"name": "2005",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6421",
"datePublished": "2006-12-10T11:00:00",
"dateReserved": "2006-12-09T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5435 (GCVE-0-2006-5435)
Vulnerability from nvd – Published: 2006-10-20 23:00 – Updated: 2024-08-07 19:48 Disputed
Summary
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061018 PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"name": "20061018 Re: PhpBB\u003c=2.0.10 (groupcp.php) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5435",
"datePublished": "2006-10-20T23:00:00",
"dateReserved": "2006-10-20T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5209 (GCVE-0-2006-5209)
Vulnerability from nvd – Published: 2006-10-09 19:00 – Updated: 2024-08-07 19:41
Summary
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-setmodules-file-include(29345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"name": "2475",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2475/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-setmodules-file-include(29345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"name": "2475",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2475/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-setmodules-file-include(29345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"name": "2475",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2475/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5209",
"datePublished": "2006-10-09T19:00:00",
"dateReserved": "2006-10-09T00:00:00",
"dateUpdated": "2024-08-07T19:41:04.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2007-1695
Vulnerability from fkie_nvd - Published: 2007-03-27 01:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpbb_group | phpbb | 2.0.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly"
},
{
"lang": "es",
"value": "** IMPUGNADA ** Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en includes/usercp_register.php de phpBB 2.0.19 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un URL en el par\u00e1metro phpbb_root_path. NOTA: este problema ha sido impugnado por investigadores de terceras partes, afirmando que el archivo busca una constante global y no puede ser accedido directamente."
}
],
"id": "CVE-2007-1695",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-27T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2219
Vulnerability from fkie_nvd - Published: 2007-02-08 17:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpbb_group | phpbb | 2.0.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message."
},
{
"lang": "es",
"value": "phpBB 2.0.20 no verifica tipos de variables de entrada especificadas por el usuario antes de ser pasadas a funciones dependientes del tipo, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible, como ha sido demostrado por (1) el par\u00e1metro mode a memberlist.php y el (2) par\u00e1metro highlight a viewtopic.php que son usados como argumento en las funciones htmlspecialchars o urlencode, lo cual muestra la ruta de instalaci\u00f3n en el mensaje de error resultante."
}
],
"id": "CVE-2006-2219",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-08T17:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/837"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=114695651425026\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=114731067321710\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=114685931319903\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26306"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6841
Vulnerability from fkie_nvd - Published: 2006-12-31 05:00 - Updated: 2025-04-09 00:30
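Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, NVD primary metric from the record below). The vector rates confidentiality, integrity and availability impact as complete although the summary gives the impact as unknown.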
Summary
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 1.2.4_rc3 |
| phpbb_group | phpbb | 2.0.18 |
| phpbb_group | phpbb | 2.0.20 |
| phpbb_group | phpbb | 2.0.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.4_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2D8185-F760-4731-B829-C7498B4AB137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors."
},
{
"lang": "es",
"value": "Ciertas formas en phpBB anterior a 2.0.22 carecen de chequeo de sesiones, lo cual tiene un impacto desconocido y vectores de ataque remotos."
}
],
"id": "CVE-2006-6841",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21806"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6840
Vulnerability from fkie_nvd - Published: 2006-12-31 05:00 - Updated: 2025-04-09 00:30
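Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, NVD primary metric from the record below). The vector rates confidentiality, integrity and availability impact as complete although the summary gives the impact as unknown.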
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 1.2.4_rc3 |
| phpbb_group | phpbb | 2.0.18 |
| phpbb_group | phpbb | 2.0.20 |
| phpbb_group | phpbb | 2.0.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.4_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2D8185-F760-4731-B829-C7498B4AB137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a \"negative start parameter.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en phpBB anterior a 2.0.22 tiene un impacto desconocido y vectores de ataque remotos relacionados con \"par\u00e1metro start negativo\"."
}
],
"id": "CVE-2006-6840",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21806"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6839
Vulnerability from fkie_nvd - Published: 2006-12-31 05:00 - Updated: 2025-04-09 00:30
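Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C, NVD primary metric from the record below). The vector rates confidentiality, integrity and availability impact as complete although the summary gives the impact as unknown.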
Summary
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 1.2.4_rc3 |
| phpbb_group | phpbb | 2.0.18 |
| phpbb_group | phpbb | 2.0.20 |
| phpbb_group | phpbb | 2.0.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:1.2.4_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2D8185-F760-4731-B829-C7498B4AB137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to \"criteria for \u0027bad\u0027 redirection targets.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en phpBB anterior a 2.0.22 tiene un impacto desconocido y vectores remotos de ataque relacionados con \"\tcriterios para los \u201cmalos\u201d objetivos de redirecci\u00f3n\"."
}
],
"id": "CVE-2006-6839",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21806"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6508
Vulnerability from fkie_nvd - Published: 2006-12-14 00:28 - Updated: 2025-04-09 00:30
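Severity: MEDIUM (CVSS v2.0 base score 6.0, vector AV:N/AC:M/Au:S/C:P/I:P/A:P, NVD primary metric from the record below; the record marks user interaction as required).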
Summary
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 2.0.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en phpBB 2.0.21 permite a atacantes remotos autenticados enviar mensajes no autorizados como un usuario de su elecci\u00f3n mediante vectores no especificados.\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido solamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2006-6508",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-12-14T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23283"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6421
Vulnerability from fkie_nvd - Published: 2006-12-10 11:28 - Updated: 2025-04-09 00:30
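Severity: MEDIUM (CVSS v2.0 base score 6.0, vector AV:N/AC:M/Au:S/C:P/I:P/A:P, NVD primary metric from the record below).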
Summary
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 2.0 |
| phpbb_group | phpbb | 2.0.0 |
| phpbb_group | phpbb | 2.0.1 |
| phpbb_group | phpbb | 2.0.2 |
| phpbb_group | phpbb | 2.0.3 |
| phpbb_group | phpbb | 2.0.4 |
| phpbb_group | phpbb | 2.0.5 |
| phpbb_group | phpbb | 2.0.6 |
| phpbb_group | phpbb | 2.0.6c |
| phpbb_group | phpbb | 2.0.6d |
| phpbb_group | phpbb | 2.0.7 |
| phpbb_group | phpbb | 2.0.7a |
| phpbb_group | phpbb | 2.0.8 |
| phpbb_group | phpbb | 2.0.8a |
| phpbb_group | phpbb | 2.0.9 |
| phpbb_group | phpbb | 2.0.10 |
| phpbb_group | phpbb | 2.0.11 |
| phpbb_group | phpbb | 2.0.12 |
| phpbb_group | phpbb | 2.0.13 |
| phpbb_group | phpbb | 2.0.14 |
| phpbb_group | phpbb | 2.0.15 |
| phpbb_group | phpbb | 2.0.16 |
| phpbb_group | phpbb | 2.0.17 |
| phpbb_group | phpbb | 2.0.18 |
| phpbb_group | phpbb | 2.0.19 |
| phpbb_group | phpbb | 2.0.20 |
| phpbb_group | phpbb | 2.0.21 |
| phpbb_group | phpbb | 2.0_beta1 |
| phpbb_group | phpbb | 2.0_rc1 |
| phpbb_group | phpbb | 2.0_rc2 |
| phpbb_group | phpbb | 2.0_rc3 |
| phpbb_group | phpbb | 2.0_rc4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE04D5FE-021A-4E97-9166-8F7484F4C5F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B77B44-C3C9-4BC8-8D39-2200F1BACC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the \"Message body\" field in a message to a non-existent user."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el buz\u00f3n de mensajes privados en phpBB 2.0.x permite a un usuario remoto validado inyectar secuencias de comandos web o HTML a trav\u00e9s del campo \"cuerpo de mensaje\" de un mensaje a un usuario no existente."
}
],
"id": "CVE-2006-6421",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-10T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23283"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2005"
},
{
"source": "cve@mitre.org",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22001"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453774/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456728/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/456784/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30776"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-5435
Vulnerability from fkie_nvd - Published: 2006-10-20 23:07 - Updated: 2025-04-09 00:30
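Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, NVD primary metric from the record below). The record carries the "disputed" tag from cve@mitre.org, so the score describes the issue as reported rather than a confirmed flaw.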
Summary
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | * (versionEndIncluding 2.0.10) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44059D10-0F41-4F22-B3FD-7DAF1D89CD72",
"versionEndIncluding": "2.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use"
},
{
"lang": "es",
"value": "** IMPUGNADA ** Vulnerabilidad PHP de inclusi\u00f3n remota de archivo en groupcp.php en phpBB 2.0.10 y anteriores permite a un atacante remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1meto phpbb_root_path. NOTA: el CVE y el fabricante niegan esta vulnerabilidad porque $phpbb_root_path se define antes de usarlo."
}
],
"id": "CVE-2006-5435",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-20T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449114/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/449232/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-5209
Vulnerability from fkie_nvd - Published: 2006-10-10 04:06 - Updated: 2025-04-09 00:30
Severity ?
Summary
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 2.0 |
| phpbb_group | phpbb | 2.0.1 |
| phpbb_group | phpbb | 2.0.2 |
| phpbb_group | phpbb | 2.0.3 |
| phpbb_group | phpbb | 2.0.4 |
| phpbb_group | phpbb | 2.0.5 |
| phpbb_group | phpbb | 2.0.6 |
| phpbb_group | phpbb | 2.0.6c |
| phpbb_group | phpbb | 2.0.6d |
| phpbb_group | phpbb | 2.0.7 |
| phpbb_group | phpbb | 2.0.7a |
| phpbb_group | phpbb | 2.0.8 |
| phpbb_group | phpbb | 2.0.8a |
| phpbb_group | phpbb | 2.0.9 |
| phpbb_group | phpbb | 2.0.10 |
| phpbb_group | phpbb | 2.0.11 |
| phpbb_group | phpbb | 2.0.12 |
| phpbb_group | phpbb | 2.0.13 |
| phpbb_group | phpbb | 2.0.14 |
| phpbb_group | phpbb | 2.0.15 |
| phpbb_group | phpbb | 2.0.16 |
| phpbb_group | phpbb | 2.0.17 |
| phpbb_group | phpbb | 2.0.18 |
| phpbb_group | phpbb | 2.0.19 |
| phpbb_group | phpbb | 2.0.20 |
| phpbb_group | phpbb | 2.0.21 |
| phpbb_group | phpbb | 2.0_beta1 |
| phpbb_group | phpbb | 2.0_rc1 |
| phpbb_group | phpbb | 2.0_rc2 |
| phpbb_group | phpbb | 2.0_rc3 |
| phpbb_group | phpbb | 2.0_rc4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE04D5FE-021A-4E97-9166-8F7484F4C5F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C74C78D-EEE0-48DF-9721-2A43B996EBD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "054EFBD3-2252-4173-B37A-B8CA0218CE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00EB368F-5471-42E3-BBBE-EF9E623A7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F65406CF-59F1-48DC-8ABC-501F210A8B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03AC5144-140D-48E9-87FD-96F2E248D4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F12660-10A7-4B66-94B0-954C9CD7D36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D9A19A-7A43-4E67-A5A7-7DF60926EB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFBF5F9-AA51-45A7-BE6E-0A06778773B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBE40D8-27C0-4E06-993E-AA07DCD5B4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "69F58020-7D60-4376-BF2B-602A24C3F4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF566D7-4537-49F6-91BF-F56D64DAE6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "18657E92-FA64-43CD-98CD-6C9AFAF3C3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F1F44C-B65B-49C4-B6E8-30560D5B7663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDE0690-6FB1-4E68-9250-7F45E9044B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8D0D9755-845D-4B53-88FA-98665A7240DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "773F6A04-7B8A-4658-AC64-DF8191A9BC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BF61F2-C69F-4B3C-92CD-20377C51C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AEACB9B7-2FA9-4290-94EE-E11DF8F66DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12CBA1A2-B9D9-436A-9772-75062D1D0931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B73B0FF6-5E58-4124-B815-192DA7D3FD57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "28B74F3F-5DE8-4C22-9773-F04372B79CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "70E7ED09-FDD7-4FC2-AD0F-4B31E170F3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "82FD53CF-3D32-4F2A-AC8B-8F8390355536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "90AAEB34-A2E5-43C9-9EA5-DF8A6C848ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1BACCC9-0871-4BAE-B8E1-783EF6A2DC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "639E102D-2BD2-42FF-999A-02135A3E5647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7F5CF1-4610-47D0-A6DD-DCB55645245D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB898F63-F327-44B1-B6A2-889E490E583F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "894A26BD-2D8B-4DE7-BEE3-940A0498DB74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en admin/admin_topic_action_logging.php en Admin Topic Action Logging Mod 0.95 y anteriores, usado en phpBB 2.0 hasta 2.0.21, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro phpbb_root_path."
}
],
"id": "CVE-2006-5209",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-10T04:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2475/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2475/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4758
Vulnerability from fkie_nvd - Published: 2006-09-13 23:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpbb_group | phpbb | 2.0.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "52CC6700-8863-4E86-9232-6CBFCF19FBC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00."
},
{
"lang": "es",
"value": "phpBB 2.0.21 no maneja adecuadamente los nombres de ruta que finalicen en %00, lo cual permite a un usuario remoto administrador validado subir ficheros de su elecci\u00f3n, seg\u00fan se puede ver a trav\u00e9s de la consulta a admin/admin_board.php con el par\u00e1metro avatar_path terminado en .php%00."
}
],
"evaluatorSolution": "Successful exploitation requires that the attacker has Administrative rights.",
"id": "CVE-2006-4758",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-13T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22188"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "cve@mitre.org",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.security.nnov.ru/Odocument221.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20347"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.security.nnov.ru/Odocument221.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}