Psotfx

#12627de 53,632
21.4CVSS total
Vulnerabilidades · 4
Média
3
Alta
1
PT-2004-3026
4.3
2004-12-23
Phpbb · Phpbb · CVE-2004-2130
**Name of the Vulnerable Software and Affected Versions** phpBB version 2.0.6 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary script or HTML. The vulnerable parameters are the `folder` and `mode` variables. **Recommendations** For phpBB version 2.0.6, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `privmsg.php` file to minimize the risk of exploitation. Avoid using the `folder` and `mode` variables in the affected API endpoint until the issue is resolved.
PT-2004-2239
7.5
2004-11-12
Phpbb · Phpbb · CVE-2004-1315
Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 2.0.11 Description: The issue allows remote attackers to execute arbitrary PHP code by exploiting the improper URL decoding of the `highlight` parameter in the `viewtopic.php` file. This is achieved by double-encoding the `highlight` value, which results in special characters being inserted into the processed result. The vulnerability was exploited by the Santy.A worm. Recommendations: For versions prior to 2.0.11, update to version 2.0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the `viewtopic.php` file or disabling the `highlight` parameter to minimize the risk of exploitation.
PT-2003-2162
4.6
2003-12-29
Phpbb · Phpbb · CVE-2003-1215
**Name of the Vulnerable Software and Affected Versions** phpBB versions 2.0.6 and earlier **Description** The issue allows group moderators to perform unauthorized activities. This is achieved via the `sql in` parameter in the groupcp.php file. **Recommendations** For phpBB versions 2.0.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2003-1660
5.0
2003-06-28
Phpbb · Phpbb · CVE-2003-0486
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.5 and earlier Description: The issue allows remote attackers to steal password hashes. This is achieved through a SQL injection vulnerability in the viewtopic.php file, specifically via the `topic id` parameter. Recommendations: For phpBB versions 2.0.5 and earlier, update to a version later than 2.0.5 to resolve the issue.