Known Vulnerabilities for products from Phpbb
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Phpbb".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-70811 json | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Ad... | Not Provided | 2026-04-09 | 2026-04-17 |
| CVE-2025-70810 json | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the lo... | Not Provided | 2026-04-09 | 2026-04-17 |
| CVE-2025-32575 json | | Not Provided | 2025-04-09 | 2026-04-01 |
| CVE-2025-32274 json | | Not Provided | 2025-04-04 | 2026-04-01 |
| CVE-2023-5917 json | A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function m... | 6.1 - MEDIUM | 2023-11-02 | 2023-11-09 |
| CVE-2020-8226 json | A vulnerability exists in phpBB | 5.8 - MEDIUM | 2020-08-17 | 2020-08-21 |
| CVE-2020-5502 json | phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships. | 6.5 - MEDIUM | 2020-01-15 | 2020-01-23 |
| CVE-2020-5501 json | phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. | 4.3 - MEDIUM | 2020-01-15 | 2020-01-23 |
| CVE-2019-16993 json | In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the A... | 8.8 - HIGH | 2019-09-30 | 2019-11-21 |
| CVE-2019-16108 json | phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. | 7.5 - HIGH | 2020-03-20 | 2020-08-24 |
| CVE-2019-16107 json | Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. | 4.3 - MEDIUM | 2020-03-11 | 2020-03-11 |
| CVE-2019-13376 json | phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar... | 6.5 - MEDIUM | 2019-09-27 | 2020-08-24 |
| CVE-2019-11767 json | Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local... | 5.8 - MEDIUM | 2019-05-05 | 2019-05-06 |
| CVE-2019-9826 json | The fulltext search component in phpBB before 3.2.6 allows Denial of Service. | 7.5 - HIGH | 2019-05-02 | 2019-05-04 |
| CVE-2018-19274 json | Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection b... | 7.2 - HIGH | 2018-11-17 | 2022-12-02 |
| CVE-2017-1000419 json | phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanni... | 7.5 - HIGH | 2018-01-02 | 2018-01-16 |
| CVE-2015-3880 json | Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google... | 6.1 - MEDIUM | 2017-09-19 | 2017-09-27 |
| CVE-2015-1432 json | The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form ke... | 6.8 - MEDIUM | 2015-02-10 | 2017-09-08 |
| CVE-2015-1431 json | Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arb... | 4.3 - MEDIUM | 2015-02-10 | 2017-09-08 |
| CVE-2011-0544 json | phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | 6.1 - MEDIUM | 2019-11-14 | 2019-11-15 |
Known software with vulnerabilities from Phpbb
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Phpbb | Phpbb | 3.0.0 |