Shodan
Vulnerabilities
Vulnerable Software
Phpbb Group:  >> Phpbb  >> 2.0.0  Security Vulnerabilities
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
CVSS Score
5.0
EPSS Score
0.006
Published
2004-04-19
CVE-2003-1244
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVSS Score
7.5
EPSS Score
0.012
Published
2003-12-31
CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
CVSS Score
4.6
EPSS Score
0.001
Published
2003-12-29
CVE-2003-1216
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
CVSS Score
7.5
EPSS Score
0.022
Published
2003-11-27
CVE-2002-1537
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
CVSS Score
10.0
EPSS Score
0.004
Published
2003-03-31
CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
CVE-2002-2176
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
CVSS Score
10.0
EPSS Score
0.007
Published
2002-12-31
CVE-2002-0902
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
CVSS Score
7.5
EPSS Score
0.082
Published
2002-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved