Vulnerabilities
Vulnerable Software
Phpbb Group:  >> Phpbb  >> 2.0_rc2  Security Vulnerabilities
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
CVSS Score
7.5
EPSS Score
0.082
Published
2002-10-04
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
CVSS Score
10.0
EPSS Score
0.145
Published
2002-08-12


Contact Us

Shodan ® - All rights reserved