
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
• http://marc.info/?l=bugtraq&m=114695651425026&w=2
• http://marc.info/?l=bugtraq&m=114731067321710&w=2
• http://marc.info/?l=full-disclosure&m=114685931319903&w=2
• http://securityreason.com/securityalert/837
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26306
• CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 10% | CPEs: 1 | EXPL: 2

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
• https://www.exploit-db.com/exploits/1723
• http://secunia.com/advisories/19905
• http://www.securityfocus.com/bid/17745
• http://www.vupen.com/english/advisories/2006/1600
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26217
• https://www.exploit-db.com/exploits/1725

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
• http://www.osvdb.org/25294
• http://www.securityfocus.com/archive/1/432453/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26172

CVSS: 7.5 | EPSS: 10% | CPEs: 1 | EXPL: 2

PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
• https://www.exploit-db.com/exploits/1722
• https://www.exploit-db.com/exploits/1724
• http://secunia.com/advisories/19884
• http://www.osvdb.org/25260
• http://www.vupen.com/english/advisories/2006/1601
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26172

CVSS: 5.1 | EPSS: 6% | CPEs: 16 | EXPL: 2

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for phpBB 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
• https://www.exploit-db.com/exploits/1728
• http://secunia.com/advisories/19892
• http://www.securityfocus.com/bid/17763
• http://www.vupen.com/english/advisories/2006/1585
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26279