Shodan
Vulnerabilities
Vulnerable Software
Ultimate Php Board:  Security Vulnerabilities
CVE-2005-2005
Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-06-16
CVE-2005-2030
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
CVSS Score
5.0
EPSS Score
0.015
Published
2005-06-16
CVE-2005-1614
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
CVSS Score
6.8
EPSS Score
0.005
Published
2005-05-16
CVE-2005-1615
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2005-05-16
CVE-2005-1616
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-05-16
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
CVSS Score
4.6
EPSS Score
0.002
Published
2002-12-31
CVE-2002-2276
Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
CVE-2002-2322
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved