CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.
• http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45415
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."
• http://www.openwall.com/lists/oss-security/2008/07/12/1
• http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44208

CVSS: 10.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
• http://www.phpbb.com/community/viewtopic.php?f=14&t=879735
• http://www.vupen.com/english/advisories/2008/1236/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41886

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
• https://www.exploit-db.com/exploits/5243
• http://secunia.com/advisories/29339
• http://securityreason.com/securityalert/3745
• http://www.securityfocus.com/archive/1/489468/100/0/threaded
• http://www.securityfocus.com/bid/28225
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41192
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
• https://www.exploit-db.com/exploits/5236
• http://www.securityfocus.com/bid/28194
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41137
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')