CVE-2008-1350 – Fully Modded phpBB - 'kb.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1350
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
• https://www.exploit-db.com/exploits/5243
• http://secunia.com/advisories/29339
• http://securityreason.com/securityalert/3745
• http://www.securityfocus.com/archive/1/489468/100/0/threaded
• http://www.securityfocus.com/bid/28225
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41192
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-2257 – Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2257
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
• https://www.exploit-db.com/exploits/29869
• http://osvdb.org/35419
• http://securityreason.com/securityalert/2621
• http://www.securityfocus.com/archive/1/466177/100/0/threaded
• http://www.securityfocus.com/bid/23565
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33751
CVE-2006-5610
https://notcve.org/view.php?id=CVE-2006-5610
PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
• http://secunia.com/advisories/22499
CVE-2006-5526 – Fully Modded phpBB 2021.4.40 - Multiple File Inclusions
https://notcve.org/view.php?id=CVE-2006-5526
Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b) index.php, (c) list.php, (d) login.php, (e) playlist.php, (f) song.php, (g) gen_m3u.php, (h) view_artist.php, (i) view_song.php, (j) flash/set_na.php, (k) flash/initialise.php, (l) flash/get_song.php, (m) includes/common.php, (n) admin/nav.php, (o) admin/main.php, (p) admin/list_artists.php, (q) admin/index.php, (r) admin/genres.php, (s) admin/edit_artist.php, (t) admin/edit_album.php, (u) admin/config.php, and (v) admin/admin_status.php in player/, different vectors than CVE-2006-3045. NOTE: CVE analysis as of 20061026 indicates that files in the admin/ and flash/ directories define foing_root_path before use.
• https://www.exploit-db.com/exploits/2621
• http://secunia.com/advisories/22499
• http://www.osvdb.org/30035
• http://www.vupen.com/english/advisories/2006/4165
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29718