
CVE-2023-5917 – phpBB Smiley Pack acp_icons.php main cross site scripting
https://notcve.org/view.php?id=CVE-2023-5917
02 Nov 2023 — A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 addresses this issue. • https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aac • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-8226
https://notcve.org/view.php?id=CVE-2020-8226
17 Aug 2020 — A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed the remote image dimensions check to be used for SSRF. • https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2019-16108
https://notcve.org/view.php?id=CVE-2019-16108
19 Mar 2020 — phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. • https://www.phpbb.com/community/viewtopic.php?t=2523271 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2019-16107
https://notcve.org/view.php?id=CVE-2019-16107
11 Mar 2020 — Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. • https://www.phpbb.com/community/viewforum.php?f=14 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-13376
https://notcve.org/view.php?id=CVE-2019-13376
27 Sep 2019 — phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS. • https://blog.phpbb.com/category/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2004-1535 – phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1535
31 Dec 2004 — PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24751