2 results (0.002 seconds)

CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0

Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en phpBB Plus 1.53, y 1.53a anterior a 20070922, cuando register_globals está activado, permiten a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro phpbb_root_path de (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, vectores diferentes de CVE-2007-5009. • http://osvdb.org/38723 http://osvdb.org/38724 http://osvdb.org/38725 http://secunia.com/advisories/26888 http://www.phpbb2.de/ftopic45218.html http://www.securityfocus.com/bid/25776 http://www.vupen.com/english/advisories/2007/3247 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. • http://marc.info/?l=bugtraq&m=111343406309969&w=2 http://www.digitalparadox.org/advisories/phpbbp.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/20085 •