Phpbb Phpbb
6 CVEs affecting Phpbb Phpbb. Latest disclosed: 2026-05-04. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-29199 | High | 8.1 | 2026-05-04 | phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostn… |
CVE-2015-3880 | Medium | 6.1 | 2017-09-19 | Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and… |
CVE-2015-1432 | | 2015-02-10 | The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers t… | |
CVE-2015-1431 | | 2015-02-10 | Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vect… | |
CVE-2010-1630 | | 2010-05-19 | Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances relate… | |
CVE-2010-1627 | | 2010-05-19 | feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions vi… |