Aggregates CVE and security vulnerability intelligence across all stewart_howe-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk path handling and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-0853 | login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value. | [email protected] | 6.8 | 3.37% | 2009-03-09 | 2026-04-23 |
| CVE-2009-0852 | showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter. | [email protected] | 5.0 | 6.02% | 2009-03-09 | 2026-04-23 |
| CVE-2009-0851 | Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. | [email protected] | 6.8 | 0.60% | 2009-03-09 | 2026-04-23 |