Phpbb Group: >> Phpbb >> 2.0.18 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
CVSS Score
2.6
EPSS Score
0.014
Published
2005-12-20
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
CVSS Score
5.0
EPSS Score
0.013
Published
2005-12-20
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-11-24
Page 2