CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2220
https://notcve.org/view.php?id=CVE-2006-2220
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. phpBB 2.0.20 no verifica apropiadamente variables de entrada especificadas por el usuarios usadas como límite para las consultas SQL, lo cual permite a atacantes remotos obtener información confidencial mediante una especificación de límite negativa, como se demuestra en el parámetro start en memberlist.php, que revela la consulta SQL en un mensaje de error resultante. • http://marc.info/?l=bugtraq&m=114695651425026&w=2 http://marc.info/?l=bugtraq&m=114731067321710&w=2 http://marc.info/?l=full-disclosure&m=114685931319903&w=2 http://securityreason.com/securityalert/837 https://exchange.xforce.ibmcloud.com/vulnerabilities/26306 • CWE-20: Improper Input Validation •
CVSS: 5.1EPSS: 6%CPEs: 16EXPL: 2CVE-2006-2134 – Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2134
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 http://secunia.com/advisories/19892 http://www.securityfocus.com/bid/17763 http://www.vupen.com/english/advisories/2006/1585 https://exchange.xforce.ibmcloud.com/vulnerabilities/26279 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-1895
https://notcve.org/view.php?id=CVE-2006-1895
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. • http://securityreason.com/securityalert/769 http://www.securityfocus.com/archive/1/431017/100/0/threaded http://www.securityfocus.com/bid/17573 https://exchange.xforce.ibmcloud.com/vulnerabilities/25888 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1775
https://notcve.org/view.php?id=CVE-2006-1775
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. • http://osvdb.org/ref/24/24353-phpbb.txt http://www.osvdb.org/24354 http://www.osvdb.org/24355 http://www.osvdb.org/24356 http://www.osvdb.org/24357 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1603
https://notcve.org/view.php?id=CVE-2006-1603
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/ref/24/24353-phpbb.txt http://secunia.com/advisories/19494 http://www.osvdb.org/24353 http://www.securityfocus.com/bid/17355 http://www.vupen.com/english/advisories/2006/1191 https://exchange.xforce.ibmcloud.com/vulnerabilities/25599 •