Page 5 of 58 results (0.008 seconds)

CVSS: 7.5EPSS: 6%CPEs: 31EXPL: 1

PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en admin/admin_tocpi_action_logging.php en Admin Topic Action Logging Mod 0.95 y anteriores, usado en phpBB 2.0 hasta 2.0.21, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro phpbb_root_path. • https://www.exploit-db.com/exploits/2475 https://exchange.xforce.ibmcloud.com/vulnerabilities/29345 •

CVSS: 7.5EPSS: 6%CPEs: 30EXPL: 4

PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod • https://www.exploit-db.com/exploits/27961 http://www.securityfocus.com/archive/1/435869/100/0/threaded http://www.securityfocus.com/archive/1/435978/100/0/threaded http://www.securityfocus.com/archive/1/435995/100/0/threaded http://www.securityfocus.com/archive/1/436118/100/0/threaded http://www.securityfocus.com/bid/18255 •

CVSS: 5.1EPSS: 6%CPEs: 16EXPL: 2

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 http://secunia.com/advisories/19892 http://www.securityfocus.com/bid/17763 http://www.vupen.com/english/advisories/2006/1585 https://exchange.xforce.ibmcloud.com/vulnerabilities/26279 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. • http://securityreason.com/securityalert/769 http://www.securityfocus.com/archive/1/431017/100/0/threaded http://www.securityfocus.com/bid/17573 https://exchange.xforce.ibmcloud.com/vulnerabilities/25888 •

CVSS: 6.4EPSS: 1%CPEs: 29EXPL: 1

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. • http://secunia.com/advisories/18727 http://www.osvdb.org/22949 http://www.r-security.net/tutorials/view/readtutorial.php?id=4 http://www.securityfocus.com/archive/1/424074/100/0/threaded http://www.vupen.com/english/advisories/2006/0461 https://exchange.xforce.ibmcloud.com/vulnerabilities/24573 •