savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
CVSS Score
7.5
EPSS Score
0.068
Published
2003-04-22
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
CVSS Score
10.0
EPSS Score
0.007
Published
2003-04-22