Aggregates CVE and security vulnerability intelligence across all phpBB-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk ssrf and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-7174 | PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235. | [email protected] | 10.0 | 2.15% | 2007-03-21 | 2026-04-23 |
| CVE-2006-7168 | PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 7.5 | 7.26% | 2007-03-20 | 2026-04-23 |
| CVE-2006-7148 | PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893. | [email protected] | 10.0 | 3.42% | 2007-03-07 | 2026-04-23 |
| CVE-2006-7147 | PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 6.8 | 4.27% | 2007-03-07 | 2026-04-23 |
| CVE-2006-7100 | PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 6.8 | 2.03% | 2007-03-03 | 2026-04-23 |
| CVE-2006-2220 | phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. | [email protected] | 5.0 | 1.28% | 2007-02-08 | 2026-04-23 |
| CVE-2007-0761 | PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter. | [email protected] | 7.5 | 3.28% | 2007-02-06 | 2026-04-23 |
| CVE-2006-6593 | PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 7.5 | 2.30% | 2006-12-15 | 2026-04-23 |
| CVE-2006-6459 | Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action). | [email protected] | 6.8 | 1.15% | 2006-12-11 | 2026-04-23 |
| CVE-2006-5418 | PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 6.8 | 5.65% | 2006-10-20 | 2026-04-23 |
| CVE-2006-5390 | PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 6.8 | 2.91% | 2006-10-18 | 2026-04-23 |
| CVE-2006-5312 | PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 7.5 | 2.14% | 2006-10-17 | 2026-04-23 |
| CVE-2006-5309 | PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 7.5 | 3.26% | 2006-10-17 | 2026-04-23 |
| CVE-2006-5306 | Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php. | [email protected] | 6.8 | 3.02% | 2006-10-17 | 2026-04-23 |
| CVE-2006-5305 | PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 5.1 | 3.09% | 2006-10-17 | 2026-04-23 |
| CVE-2006-5301 | PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 6.8 | 5.47% | 2006-10-17 | 2026-04-23 |
| CVE-2006-5191 | PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | [email protected] | 5.1 | 3.12% | 2006-10-10 | 2026-04-23 |
| CVE-2003-1530 | SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter. | [email protected] | 7.5 | 1.06% | 2003-12-31 | 2026-04-16 |
| CVE-2002-2349 | phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. | [email protected] | 5.0 | 2.49% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2346 | phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | [email protected] | 5.0 | 1.21% | 2002-12-31 | 2026-04-16 |