CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 3CVE-2002-2287 – phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2002-2287
31 Dec 2002 — PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/22017 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1894
https://notcve.org/view.php?id=CVE-2002-1894
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. • http://online.securityfocus.com/archive/1/300362 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 2CVE-2002-0902 – PHPBB2 - Image Tag HTML Injection
https://notcve.org/view.php?id=CVE-2002-0902
31 Aug 2002 — Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. Vulnerabilidad de secuencias de comandos en sitios cruzados en phpBB 2.0.0 (phpBB) permite a atacantes remotos ejecutar Javascript como otros usuarios de phpBB incluyendo http:// y comillas dobles ("... • https://www.exploit-db.com/exploits/21486 •
CVSS: 10.0EPSS: 10%CPEs: 4EXPL: 0CVE-2002-0473
https://notcve.org/view.php?id=CVE-2002-0473
12 Aug 2002 — db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2002-0533
https://notcve.org/view.php?id=CVE-2002-0533
11 Jun 2002 — phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2002-0475
https://notcve.org/view.php?id=CVE-2002-0475
11 Jun 2002 — Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. • http://www.iss.net/security_center/static/7459.php •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1482
https://notcve.org/view.php?id=CVE-2001-1482
31 Dec 2001 — SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. • http://www.securityfocus.com/archive/1/219178 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3CVE-2001-1472 – phpBB 1.4 - SQL Query Manipulation
https://notcve.org/view.php?id=CVE-2001-1472
03 Aug 2001 — SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. • https://www.exploit-db.com/exploits/21046 •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 2CVE-2001-1471 – phpBB 1.x - Page Header Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2001-1471
31 Jul 2001 — prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. • https://www.exploit-db.com/exploits/21065 • CWE-665: Improper Initialization •