|
Vulnerability Report: phpBB 2.x
|
This vulnerability report for phpBB 2.x contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.
If you have information about a new or an existing vulnerability in phpBB 2.x then you are more than welcome to contact us.
|
|
|
|
|
Vendor, Links, and Unpatched Vulnerabilities
| Vendor |
N/A
|
|
|
Product Link
|
View Here (Link to external site)
|
|
|
Affected By
|
38 Secunia advisories
27 Vulnerabilities
|
|
|
Monitor Product
|
Receive alerts for this product
|
|
|
Unpatched
|
0% (0 of 38 Secunia advisories)
|
|
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
|
|
|
|
|
|
38 Secunia Advisories in 2003-2009
|
Secunia has issued a total of 38 Secunia advisories in 2003-2009 for phpBB 2.x. Currently, 0% (0 out of 38) are marked as unpatched.
More information about the specific Secunia advisories affecting phpBB 2.x can be found below. Each Secunia advisory is enclosed by a box highlighted with a color representing its current patch status. You can read the complete Secunia advisories for thorough descriptions of the issues covered and for solution suggestions by clicking either the Secunia advisory title or the "Read More" links available for each Secunia advisory.
|
|
|
|
|
|
Release Date:
2008-01-25 |
Secunia Advisory ID:
SA28630 |
Solution Status:
Vendor Patch |
|
Criticality:
 |
Impact:
Cross Site Scripting
Manipulation of data
|
Where:
From remote |
|
Short Description:
NBBN has discovered a vulnerability in phpBB, which can be exploited by malicious people to conduct cross-site request forgery attacks. [Read More]
|
|
|
|
|
|
Release Date:
2006-12-08 |
Secunia Advisory ID:
SA23283 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Some vulnerabilities have been discovered in phpBB, which can be exploited by malicious people to conduct cross-site request forgery attacks and cross-site scripting attacks. [Read More]
|
|
|
|
|
|
Release Date:
2006-10-04 |
Secunia Advisory ID:
SA22188 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
System access
|
Where:
From remote |
|
Short Description:
ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. [Read More]
|
|
|
|
|
|
Release Date:
2006-05-16 |
Secunia Advisory ID:
SA20093 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Security Bypass
System access
|
Where:
From remote |
|
Short Description:
A weakness and a vulnerability have been discovered in phpBB, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to use it for making HTTP requests to other sites. [Read More]
|
|
|
|
|
|
Release Date:
2006-04-03 |
Secunia Advisory ID:
SA19494 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Preddy has discovered a vulnerability in phpBB, which can be exploited by malicious people to conduct cross-site scripting attacks. [Read More]
|
|
|
|
|
|
Release Date:
2006-02-07 |
Secunia Advisory ID:
SA18727 |
Solution Status:
Vendor Patch |
|
Criticality:
 |
Impact:
Manipulation of data
Brute force
|
Where:
From remote |
|
Short Description:
Chinchilla has reported a weakness in phpBB, which potentially can be exploited by malicious people to change other user's passwords. [Read More]
|
|
|
|
|
|
Release Date:
2006-02-06 |
Secunia Advisory ID:
SA18693 |
Solution Status:
Vendor Workaround |
|
Criticality:
|
Impact:
Hijacking
Cross Site Scripting
Exposure of sensitive information
|
Where:
From remote |
|
Short Description:
Maksymilian Arciemowicz has discovered a vulnerability in phpBB, which can be exploited by malicious people to disclose sensitive information. [Read More]
|
|
|
|
|
|
Release Date:
2006-01-02 |
Secunia Advisory ID:
SA18252 |
Solution Status:
Vendor Patch |
|
Criticality:
 |
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
A vulnerability has been reported in phpBB, which can be exploited by malicious people to conduct script insertion attacks. [Read More]
|
|
|
|
|
|
Release Date:
2005-12-19 |
Secunia Advisory ID:
SA18125 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
Exposure of system information
|
Where:
From remote |
|
Short Description:
Maksymilian Arciemowicz has discovered a security issue in phpBB, which can be exploited by malicious people to conduct script insertion attacks. [Read More]
|
|
|
|
|
|
Release Date:
2005-10-31 |
Secunia Advisory ID:
SA17366 |
Solution Status:
Vendor Patch |
|
Criticality:
 |
Impact:
Security Bypass
Cross Site Scripting
Manipulation of data
System access
|
Where:
From remote |
|
Short Description:
Some vulnerabilities have been reported in phpBB, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system. [Read More]
|
|
|
|
|
|
Release Date:
2005-10-24 |
Secunia Advisory ID:
SA17295 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
K-Gen has discovered a vulnerability in phpBB, which can be exploited by malicious people to conduct script insertion attacks. [Read More]
|
|
|
|
|
|
Release Date:
2005-09-21 |
Secunia Advisory ID:
SA16868 |
Solution Status:
Vendor Workaround |
|
Criticality:
|
Impact:
Exposure of system information
|
Where:
From remote |
|
Short Description:
A weakness has been discovered in phpBB, which can be exploited by malicious people to disclose certain system information. [Read More]
|
|
|
|
|
|
Release Date:
2005-07-21 |
Secunia Advisory ID:
SA16149 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Unknown
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Some vulnerabilities have been reported in phpBB. Some have unknown impacts, and another can be exploited by malicious people to conduct script insertion attacks. [Read More]
|
|
|
|
|
|
Release Date:
2005-06-28 |
Secunia Advisory ID:
SA15845 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
System access
|
Where:
From remote |
|
Short Description:
Two vulnerabilities have been reported in phpBB, which can be exploited by malicious people to conduct script insertion attacks and compromise a vulnerable system. [Read More]
|
|
|
|
|
|
Release Date:
2005-05-09 |
Secunia Advisory ID:
SA15298 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
A vulnerability has been reported in phpBB, which can be exploited by malicious people to conduct script insertion attacks. [Read More]
|
|
|
|
|
|
Release Date:
2005-03-08 |
Secunia Advisory ID:
SA14493 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Security Bypass
|
Where:
From remote |
|
Short Description:
"Some one" has reported a vulnerability in phpBB, which can be exploited by malicious people to bypass certain security restrictions. [Read More]
|
|
|
|
|
|
Release Date:
2005-03-07 |
Secunia Advisory ID:
SA14475 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Paisterist has reported a vulnerability in phpBB, which can be exploited by malicious users to conduct script insertion attacks. [Read More]
|
|
|
|
|
|
Release Date:
2005-02-28 |
Secunia Advisory ID:
SA14413 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Security Bypass
|
Where:
From remote |
|
Short Description:
A vulnerability has been reported in phpBB, which can be exploited by malicious people to bypass certain security restrictions. [Read More]
|
|
|
|
|
|
Release Date:
2005-02-22 |
Secunia Advisory ID:
SA14362 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Manipulation of data
Exposure of sensitive information
|
Where:
From remote |
|
Short Description:
AnthraX101 has reported two vulnerabilities in phpBB, which can be exploited by malicious users to disclose and delete sensitive information. [Read More]
|
|
|
|
|
|
Release Date:
2004-11-19 |
Secunia Advisory ID:
SA13239 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
Manipulation of data
System access
|
Where:
From remote |
|
Short Description:
Some vulnerabilities have been reported in phpBB, which can be exploited by malicious people to execute arbitrary commands, conduct SQL injection and cross-site scripting attacks. [Read More]
|
|
|
|
|
|
Release Date:
2004-07-22 |
Secunia Advisory ID:
SA12114 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Ory Segal has reported some vulnerabilities in phpBB, allowing malicious people to conduct Cross Site Scripting attacks. [Read More]
|
|
|
|
|
|
Release Date:
2004-07-13 |
Secunia Advisory ID:
SA12055 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Unknown
Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
|
Where:
From remote |
|
Short Description:
phpBB Group has released a new version of phpBB, which fixes some previously reported vulnerabilities and a Cross Site Scripting vulnerability. [Read More]
|
|
|
|
|
|
Release Date:
2004-04-21 |
Secunia Advisory ID:
SA11434 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Spoofing
|
Where:
From remote |
|
Short Description:
Wang has reported a vulnerability in phpBB, which can be exploited by malicious users to circumvent certain administrative user management features. [Read More]
|
|
|
|
|
|
Release Date:
2004-03-29 |
Secunia Advisory ID:
SA11229 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Manipulation of data
|
Where:
From remote |
|
Short Description:
Janek Vind has reported a vulnerability in phpBB, allowing malicious people to conduct SQL injection attacks. [Read More]
|
|
|
|
|
|
Release Date:
2004-03-29 |
Secunia Advisory ID:
SA11221 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Security Bypass
Manipulation of data
|
Where:
From remote |
|
Short Description:
The vendor has released a new version of phpBB. This fixes multiple vulnerabilities, allowing malicious people to conduct SQL injection attacks. [Read More]
|
|
|
|
|
|
Release Date:
2004-03-23 |
Secunia Advisory ID:
SA11189 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Cheng Peng Su has reported a vulnerability in phpBB, allowing malicious people to conduct Cross Site Scripting attacks. [Read More]
|
|
|
|
|
|
Release Date:
2004-03-15 |
Secunia Advisory ID:
SA11121 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
Manipulation of data
|
Where:
From remote |
|
Short Description:
Some vulnerabilities have been reported in phpBB, allowing malicious people to conduct Cross Site Scripting and SQL injection attacks. [Read More]
|
|
|
|
|
|
Release Date:
2004-03-01 |
Secunia Advisory ID:
SA11006 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Cheng Peng Su has reported a vulnerability in phpBB, allowing malicious people to conduct Cross Site Scripting attacks. [Read More]
|
|
|
|
|
|
Release Date:
2003-12-30 |
Secunia Advisory ID:
SA10515 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Security Bypass
|
Where:
From remote |
|
Short Description:
Zarath has reported a vulnerability in phpBB, allowing malicious moderators to manipulate SQL queries. [Read More]
|
|
|
|
|
|
Release Date:
2003-11-28 |
Secunia Advisory ID:
SA10308 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Manipulation of data
Exposure of sensitive information
|
Where:
From remote |
|
Short Description:
A vulnerability has been reported in phpBB, which can be exploited by malicious people to inject arbitrary SQL code. [Read More]
|
|
|
|
|
|
Release Date:
2003-09-10 |
Secunia Advisory ID:
SA9703 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
A vulnerability has been reported in phpBB, which can be exploited by malicious people to conduct Cross-Site Scripting attacks against other users. [Read More]
|
|
|
|
|
|
Release Date:
2003-08-19 |
Secunia Advisory ID:
SA9567 |
Solution Status:
Vendor Workaround |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
A vulnerability has been identified in phpBB allowing malicious people to conduct Cross Site Scirpting attacks against users. [Read More]
|
|
|
|
|
|
Release Date:
2003-06-23 |
Secunia Advisory ID:
SA9090 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Exposure of sensitive information
|
Where:
From remote |
|
Short Description:
Rick Patel has reported a vulnerability in phpBB, which can be exploited by malicious people to conduct SQL injection attacks. [Read More]
|
|
|
|
|
|
Release Date:
2003-02-25 |
Secunia Advisory ID:
SA8145 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Exposure of sensitive information
|
Where:
From remote |
|
Short Description:
An input validation error has been identified in phpBB, which allows a malicious person to gain knowledge of sensitive information by conducting a SQL injection attack. [Read More]
|
|
|
|
|
|
Release Date:
2003-01-17 |
Secunia Advisory ID:
SA7887 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Manipulation of data
|
Where:
From remote |
|
Short Description:
phpBB is vulnerable to SQL injection. The privmsg.php script does not verify input correctly, this allows users delete the body of other users messages, but not the title and meta data. [Read More]
|
|
|
|
|
|
Release Date:
2002-11-27 |
Secunia Advisory ID:
SA7609 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
Pete Foster has reported a vulnerability in phpBB, which can be exploited by malicious users to conduct script insertion attacks. [Read More]
|
|
|
|
|
|
Release Date:
2002-11-19 |
Secunia Advisory ID:
SA7551 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Cross Site Scripting
|
Where:
From remote |
|
Short Description:
A vulnerability has been reported in phpBB, which can be exploited by malicious people to conduct cross-site scripting attacks. [Read More]
|
|
|
|
|
|
Release Date:
2002-10-10 |
Secunia Advisory ID:
SA7269 |
Solution Status:
Vendor Patch |
|
Criticality:
|
Impact:
Exposure of sensitive information
|
Where:
From remote |
|
Short Description:
phpBB reveals user IP addresses to other users. [Read More]
|
|
|
