CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2217 – Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-2217
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. Múltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Ultimate PHP Board (también se conoce como myUPB) anterior a versión 2.2.8, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro q en el archivo search.php o el (2) parámetro avatar en el archivo profile.php. Ultimate PHP Board (UPB) version 2.2.7 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/130684/Ultimate-PHP-Board-UPB-2.2.7-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/534796/100/0/threaded http://www.securityfocus.com/bid/72991 https://github.com/Halamix2/MyUPB/blob/8b00a8f6ea999d22c22b081f4a144f51ec7225b0/changelog.txt https://github.com/PHP-Outburst/myUPB/issues/17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2003-0395 – Ultimate PHP Board 1.9 - 'admin_iplog.php' Arbitrary PHP Execution
https://notcve.org/view.php?id=CVE-2003-0395
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php. Ultimate PHP Board (UPB) 1.9 permite a atacantes remotos ejecutar código PHP arbitrario con privilegios de administrador UPB mediante una petición HTTP conteniendo el código en la cabecera User-Agent, que es ejecutado cuando el administrador ejecuta admin_iplog.php. • https://www.exploit-db.com/exploits/22642 http://f0kp.iplus.ru/bz/024.en.txt http://marc.info/?l=bugtraq&m=105379741528925&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •