Page 5 of 93 results (0.007 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. • http://www.osvdb.org/25294 http://www.securityfocus.com/archive/1/432453/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26172 •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1723 http://secunia.com/advisories/19905 http://www.securityfocus.com/bid/17745 http://www.vupen.com/english/advisories/2006/1600 https://exchange.xforce.ibmcloud.com/vulnerabilities/26217 https://www.exploit-db.com/exploits/1725 •

CVSS: 5.1EPSS: 6%CPEs: 16EXPL: 2

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 http://secunia.com/advisories/19892 http://www.securityfocus.com/bid/17763 http://www.vupen.com/english/advisories/2006/1585 https://exchange.xforce.ibmcloud.com/vulnerabilities/26279 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. • http://securityreason.com/securityalert/769 http://www.securityfocus.com/archive/1/431017/100/0/threaded http://www.securityfocus.com/bid/17573 https://exchange.xforce.ibmcloud.com/vulnerabilities/25888 •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. • http://secunia.com/advisories/20093 http://secunia.com/advisories/20197 http://securityreason.com/securityalert/715 http://securityreason.com/securityalert/762 http://www.debian.org/security/2006/dsa-1066 http://www.securityfocus.com/archive/1/431015/100/0/threaded http://www.securityfocus.com/archive/1/431387/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/25889 • CWE-94: Improper Control of Generation of Code ('Code Injection') •