Page 5 of 57 results (0.005 seconds)

CVSS: 7.5EPSS: 6%CPEs: 31EXPL: 1

PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en admin/admin_tocpi_action_logging.php en Admin Topic Action Logging Mod 0.95 y anteriores, usado en phpBB 2.0 hasta 2.0.21, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro phpbb_root_path. • https://www.exploit-db.com/exploits/2475 https://exchange.xforce.ibmcloud.com/vulnerabilities/29345 •

CVSS: 7.5EPSS: 6%CPEs: 30EXPL: 4

PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod • https://www.exploit-db.com/exploits/27961 http://www.securityfocus.com/archive/1/435869/100/0/threaded http://www.securityfocus.com/archive/1/435978/100/0/threaded http://www.securityfocus.com/archive/1/435995/100/0/threaded http://www.securityfocus.com/archive/1/436118/100/0/threaded http://www.securityfocus.com/bid/18255 •

CVSS: 5.1EPSS: 6%CPEs: 16EXPL: 2

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 http://secunia.com/advisories/19892 http://www.securityfocus.com/bid/17763 http://www.vupen.com/english/advisories/2006/1585 https://exchange.xforce.ibmcloud.com/vulnerabilities/26279 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. • http://osvdb.org/ref/24/24353-phpbb.txt http://www.osvdb.org/24354 http://www.osvdb.org/24355 http://www.osvdb.org/24356 http://www.osvdb.org/24357 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/ref/24/24353-phpbb.txt http://secunia.com/advisories/19494 http://www.osvdb.org/24353 http://www.securityfocus.com/bid/17355 http://www.vupen.com/english/advisories/2006/1191 https://exchange.xforce.ibmcloud.com/vulnerabilities/25599 •