Shodan
Vulnerabilities
Vulnerable Software
Phpbb Group:  >> Phpbb  >> 1.0.0  Security Vulnerabilities
CVE-2006-2134
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVSS Score
5.1
EPSS Score
0.063
Published
2006-05-02
CVE-2005-0614
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
CVSS Score
7.5
EPSS Score
0.045
Published
2005-05-02
CVE-2005-0659
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-05-02
CVE-2004-2350
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2004-12-31
CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
CVSS Score
7.5
EPSS Score
0.859
Published
2004-11-12
CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
CVSS Score
4.6
EPSS Score
0.001
Published
2003-12-29
CVE-2003-1216
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
CVSS Score
7.5
EPSS Score
0.022
Published
2003-11-27
CVE-2002-0475
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
CVSS Score
5.1
EPSS Score
0.008
Published
2002-08-12
CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
CVSS Score
5.0
EPSS Score
0.015
Published
2002-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved