CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 addresses this issue.
• https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aac
• https://github.com/phpbb/phpbb/releases/tag/release-3.3.11
• https://vuldb.com/?ctiid.244307
• https://vuldb.com/?id.244307
• https://www.phpbb.com
• https://www.phpbb.com/community/viewtopic.php?t=2646991
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 that allowed the remote image dimensions check to be used for SSRF.
• https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631
• https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636
• CWE-610: Externally Controlled Reference to a Resource in Another Sphere
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.
• https://blog.phpbb.com/category/security
• https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
• https://blog.phpbb.com/category/security
• https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 3% | CPEs: 16 | EXPL: 1

PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
• https://www.exploit-db.com/exploits/24751
• http://marc.info/?l=bugtraq&m=110075903308817&w=2
• http://marc.info/?l=bugtraq&m=110082153702843&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18151