This page lists publicly disclosed CVE vulnerabilities affecting phpbb_group phpbb (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2004-0730 | Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. | [email protected] | 6.8 | 1.48% | 2004-07-27 | 2026-06-16 |
| CVE-2004-0729 | PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message. | [email protected] | 5.0 | 1.43% | 2004-07-27 | 2026-06-16 |
| CVE-2004-2055 | Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter. | [email protected] | 4.3 | 1.26% | 2004-07-19 | 2026-06-16 |
| CVE-2004-1950 | phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. | [email protected] | 5.0 | 1.46% | 2004-04-19 | 2026-06-16 |
| CVE-2004-1943 | PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | [email protected] | 7.5 | 2.56% | 2004-04-19 | 2026-06-16 |
| CVE-2003-1373 | Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | [email protected] | 6.8 | 1.27% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1244 | SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | [email protected] | 7.5 | 1.19% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1215 | SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | [email protected] | 4.6 | 0.37% | 2003-12-29 | 2026-06-16 |
| CVE-2003-1216 | SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | [email protected] | 7.5 | 1.79% | 2003-11-27 | 2026-06-16 |
| CVE-2003-0486 | SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | [email protected] | 5.0 | 1.95% | 2003-08-07 | 2026-06-16 |
| CVE-2003-0484 | Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | [email protected] | 6.8 | 1.21% | 2003-08-07 | 2026-06-16 |
| CVE-2002-1537 | admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u". | [email protected] | 10.0 | 2.48% | 2003-03-31 | 2026-06-16 |
| CVE-2002-2176 | SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | [email protected] | 10.0 | 3.31% | 2002-12-31 | 2026-06-16 |
| CVE-2002-1894 | Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | [email protected] | 4.3 | 1.96% | 2002-12-31 | 2026-06-16 |
| CVE-2002-1707 | install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | [email protected] | 5.0 | 1.37% | 2002-12-31 | 2026-06-16 |
| CVE-2002-0902 | Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | [email protected] | 7.5 | 7.16% | 2002-10-04 | 2026-06-16 |
| CVE-2002-0533 | phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | [email protected] | 5.0 | 1.80% | 2002-08-12 | 2026-06-16 |
| CVE-2002-0475 | Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | [email protected] | 5.1 | 1.33% | 2002-08-12 | 2026-06-16 |
| CVE-2002-0473 | db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. | [email protected] | 10.0 | 5.27% | 2002-08-12 | 2026-06-16 |
| CVE-2001-1482 | SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. | [email protected] | 7.5 | 1.23% | 2001-12-31 | 2026-06-16 |