Shodan
Vulnerabilities
Vulnerable Software
Phpbb Group:  >> Phpbb  >> 2.0.1  Security Vulnerabilities
CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
CVSS Score
7.5
EPSS Score
0.859
Published
2004-11-12
CVE-2004-2055
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.
CVSS Score
4.3
EPSS Score
0.004
Published
2004-07-19
CVE-2004-1943
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
CVSS Score
7.5
EPSS Score
0.017
Published
2004-04-19
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
CVSS Score
5.0
EPSS Score
0.006
Published
2004-04-19
CVE-2003-1244
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVSS Score
7.5
EPSS Score
0.012
Published
2003-12-31
CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
CVSS Score
4.6
EPSS Score
0.001
Published
2003-12-29
CVE-2003-1216
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
CVSS Score
7.5
EPSS Score
0.022
Published
2003-11-27
CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
CVE-2002-2176
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
CVSS Score
10.0
EPSS Score
0.007
Published
2002-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved