
CVSS: 7.5 | EPSS: 6% | CPEs: 30 | EXPL: 4

PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod.

References:
https://www.exploit-db.com/exploits/27961
http://www.securityfocus.com/archive/1/435869/100/0/threaded
http://www.securityfocus.com/archive/1/435978/100/0/threaded
http://www.securityfocus.com/archive/1/435995/100/0/threaded
http://www.securityfocus.com/archive/1/436118/100/0/threaded
http://www.securityfocus.com/bid/18255

CVSS: 4.3 | EPSS: 3% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.

References:
https://www.exploit-db.com/exploits/27858
http://www.securityfocus.com/archive/1/433715/100/0/threaded
http://www.securityfocus.com/archive/1/433848/100/0/threaded
http://www.securityfocus.com/archive/1/434461/100/0/threaded
http://www.securityfocus.com/bid/17952
https://exchange.xforce.ibmcloud.com/vulnerabilities/26414

CVSS: 7.5 | EPSS: 11% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

References:
https://www.exploit-db.com/exploits/27857
http://www.securityfocus.com/archive/1/433715/100/0/threaded
http://www.securityfocus.com/archive/1/433848/100/0/threaded
http://www.securityfocus.com/archive/1/434461/100/0/threaded
http://www.securityfocus.com/bid/17952
https://exchange.xforce.ibmcloud.com/vulnerabilities/26415

CVSS: 6.8 | EPSS: 8% | CPEs: 3 | EXPL: 1

PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

References:
https://www.exploit-db.com/exploits/1747
http://pridels0.blogspot.com/2006/05/phpbb-auction-mod-remote-file.html
http://secunia.com/advisories/19944
http://www.osvdb.org/25263
http://www.securityfocus.com/bid/17822
http://www.vupen.com/english/advisories/2006/1641
https://exchange.xforce.ibmcloud.com/vulnerabilities/26192

CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

References:
http://marc.info/?l=bugtraq&m=114695651425026&w=2
http://marc.info/?l=bugtraq&m=114731067321710&w=2
http://marc.info/?l=full-disclosure&m=114685931319903&w=2
http://securityreason.com/securityalert/837
https://exchange.xforce.ibmcloud.com/vulnerabilities/26306

CWE-20: Improper Input Validation