Sir Gnuboard
39 CVEs affecting Sir Gnuboard. Latest disclosed: 2025-10-23. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-18662 | Critical | 9.8 | 2021-06-24 | SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. |
| CVE-2005-0269 | Critical | 9.8 | 2005-05-02 | The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbi… |
| CVE-2024-41475 | High | 8.8 | 2024-08-12 | Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. |
| CVE-2022-1252 | High | 8.2 | 2022-04-11 | Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and b… |
| CVE-2022-44216 | High | 7.5 | 2023-02-20 | Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. |
| CVE-2025-61464 | Medium | 6.5 | 2025-10-23 | gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php. |
| CVE-2025-60859 | Medium | 6.1 | 2025-10-23 | Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_com… |
| CVE-2024-37658 | Medium | 6.1 | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php. |
| CVE-2024-37657 | Medium | 6.1 | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/login.php component. |
| CVE-2024-37656 | Medium | 6.1 | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification i… |
| CVE-2024-39097 | Medium | 6.1 | 2024-08-26 | There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path. |
| CVE-2024-24157 | Medium | 6.1 | 2024-05-14 | Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. |
| CVE-2024-24156 | Medium | 6.1 | 2024-03-16 | Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrar… |
| CVE-2022-30050 | Medium | 6.1 | 2022-05-16 | Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. |
| CVE-2020-18663 | Medium | 6.1 | 2021-06-24 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php. |
| CVE-2020-18661 | Medium | 6.1 | 2021-06-24 | Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php. |
| CVE-2018-18674 | Medium | 6.1 | 2019-11-07 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_u… |
| CVE-2018-18678 | Medium | 6.1 | 2019-10-30 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the ad… |
| CVE-2018-18668 | Medium | 6.1 | 2019-08-26 | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_for… |
| CVE-2018-18676 | Medium | 6.1 | 2019-07-23 | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board… |