Known Vulnerabilities for products from Phpbb Group
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Phpbb Group".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2007-1695 json | PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute ar... | Not Provided | 2007-03-27 | 2026-04-23 |
| CVE-2006-7077 json | SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary... | Not Provided | 2007-03-02 | 2026-04-23 |
| CVE-2006-7076 json | Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inje... | Not Provided | 2007-03-02 | 2026-04-23 |
| CVE-2006-6841 json | Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | Not Provided | 2006-12-31 | 2026-04-23 |
| CVE-2006-6840 json | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start pa... | Not Provided | 2006-12-31 | 2026-04-23 |
| CVE-2006-6839 json | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' ... | Not Provided | 2006-12-31 | 2026-04-23 |
| CVE-2006-6508 json | Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messag... | Not Provided | 2006-12-14 | 2026-04-23 |
| CVE-2006-6421 json | Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote... | Not Provided | 2006-12-10 | 2026-04-23 |
| CVE-2006-5435 json | PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitra... | Not Provided | 2006-10-20 | 2026-04-23 |
| CVE-2006-5209 json | PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and ea... | Not Provided | 2006-10-10 | 2026-04-23 |
| CVE-2006-4779 json | PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allow... | 7.5 - HIGH | 2006-09-14 | 2017-10-19 |
| CVE-2006-4758 json | phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to uplo... | 4.6 - MEDIUM | 2006-09-13 | 2018-10-17 |
| CVE-2006-4450 json | usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy... | 5.1 - MEDIUM | 2006-08-30 | 2017-07-20 |
| CVE-2006-3940 json | Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ... | 7.5 - HIGH | 2006-07-31 | 2018-10-17 |
| CVE-2006-2865 json | ** DISPUTED ** PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitra... | 7.5 - HIGH | 2006-06-06 | 2023-11-07 |
| CVE-2006-2360 json | SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL command... | 7.5 - HIGH | 2006-05-15 | 2018-10-18 |
| CVE-2006-2359 json | Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary... | 4.3 - MEDIUM | 2006-05-15 | 2018-10-18 |
| CVE-2006-2245 json | PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers t... | Not Provided | 2006-05-09 | 2025-04-03 |
| CVE-2006-2219 json | phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allow... | Not Provided | 2007-02-08 | 2026-04-23 |
| CVE-2006-2152 json | PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_gl... | Not Provided | 2006-05-03 | 2025-04-03 |