PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.
CVSS Score
7.5
EPSS Score
0.054
Published
2006-09-28
sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.
CVSS Score
2.1
EPSS Score
0.003
Published
2005-03-01
delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.
CVSS Score
2.1
EPSS Score
0.003
Published
2005-03-01