CVSS: 7.5EPSS: 15%CPEs: 1EXPL: 2CVE-2006-4450 – phpBB 2.0.20 - Unauthorized HTTP Proxy
https://notcve.org/view.php?id=CVE-2006-4450
30 Aug 2006 — usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. usercp_avatar.php en PHPBB 2.0.20, cuando la subida de ficheros avatar está habilitada, permite a atacantes remotos usar el servidor como un proxy web enviando una URL al parámetro avatarurl, el cual es usado entonces en una petición HTTP GET. • https://www.exploit-db.com/exploits/27863 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2006-3940 – phpBB-Auction 1.x - 'auction_store.php?u' SQL Injection
https://notcve.org/view.php?id=CVE-2006-3940
31 Jul 2006 — Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. Múltiples vulnerabilidades de inyección SQL en phpbb-Auction permiten a atacantes remotos ejecutar comandos SQL de su elección ... • https://www.exploit-db.com/exploits/28282 •
CVSS: 9.8EPSS: 6%CPEs: 30EXPL: 4CVE-2006-2865 – phpBB 2.0.x - 'template.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2865
06 Jun 2006 — PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod • https://www.exploit-db.com/exploits/27961 •
CVSS: 9.8EPSS: 14%CPEs: 1EXPL: 3CVE-2006-2736 – Blend Portal 1.2.0 - 'phpBB Mod' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2736
01 Jun 2006 — PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. • https://www.exploit-db.com/exploits/1846 •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 1CVE-2006-2360 – phpBB Chart Mod 1.1 - 'charts.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2360
15 May 2006 — SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/27857 •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1CVE-2006-2359 – phpBB Chart Mod 1.1 - 'charts.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2359
15 May 2006 — Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. • https://www.exploit-db.com/exploits/27858 •
CVSS: 9.8EPSS: 8%CPEs: 3EXPL: 1CVE-2006-2245 – Auction 1.3m - 'phpbb_root_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2245
09 May 2006 — PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2150
https://notcve.org/view.php?id=CVE-2006-2150
03 May 2006 — PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. • http://www.osvdb.org/25294 •
CVSS: 9.1EPSS: 9%CPEs: 1EXPL: 2CVE-2006-2152 – Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion
https://notcve.org/view.php?id=CVE-2006-2152
03 May 2006 — PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1723 •
CVSS: 9.1EPSS: 9%CPEs: 1EXPL: 2CVE-2006-2151 – TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2151
03 May 2006 — PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1722 •