CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 2CVE-2009-0592 – PNPHPBB2 < 1.2i - 'ModName' Multiple Local File Inclusions
https://notcve.org/view.php?id=CVE-2009-0592
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/. Múltiples vulnerabilidades de salto de directorio en PNphpBB2 1.2i y anteriores permiten a atacantes remotos incluir y ejecutar archivos locales a través de un .. (punto punto) en el parámetro ModName de (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, y (6) admin_users.php en admin/. • https://www.exploit-db.com/exploits/7658 http://secunia.com/advisories/33365 http://www.securityfocus.com/bid/33103 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3584 – PNPHPBB2 < 1.2i - 'viewforum.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3584
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. Vulnerabilidad de inyección SQL en viewforum.php de PHphpBB2 1.2i y anteriores para Postnuke permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro order. • https://www.exploit-db.com/exploits/4147 http://osvdb.org/45777 https://exchange.xforce.ibmcloud.com/vulnerabilities/35256 •