CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2002-2255 – phpBB 2.0.3 - 'search.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2255
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode. • https://www.exploit-db.com/exploits/22065 http://archives.neohapsis.com/archives/bugtraq/2002-12/0053.html http://www.securityfocus.com/bid/6311 https://exchange.xforce.ibmcloud.com/vulnerabilities/10773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2002-1707
https://notcve.org/view.php?id=CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. • http://online.securityfocus.com/archive/1/277318 http://www.securityfocus.com/bid/5038 https://exchange.xforce.ibmcloud.com/vulnerabilities/9370 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3CVE-2002-2287 – phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2002-2287
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/22017 http://archives.neohapsis.com/archives/bugtraq/2002-11/0188.html http://www.securityfocus.com/bid/6173 https://exchange.xforce.ibmcloud.com/vulnerabilities/10617 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 3CVE-2002-2176 – phpBB2 Gender Mod 1.1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2002-2176
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. • https://www.exploit-db.com/exploits/21660 http://online.securityfocus.com/archive/1/284691 http://www.iss.net/security_center/static/9692.php http://www.securityfocus.com/bid/5342 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2002-2346
https://notcve.org/view.php?id=CVE-2002-2346
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. • http://online.securityfocus.com/archive/1/294560 http://www.iss.net/security_center/static/10323.php http://www.securityfocus.com/bid/5923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •