Sir Gnuboard

39 CVEs affecting Sir Gnuboard. Latest disclosed: 2025-10-23. Critical: 2, High: 3.

Top CVEs affecting Sir Gnuboard
CVESeverityScorePublishedSummary
CVE-2020-18662Critical9.82021-06-24SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
CVE-2005-0269Critical9.82005-05-02The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbi…
CVE-2024-41475High8.82024-08-12Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
CVE-2022-1252High8.22022-04-11Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and b…
CVE-2022-44216High7.52023-02-20Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.
CVE-2025-61464Medium6.52025-10-23gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
CVE-2025-60859Medium6.12025-10-23Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_com…
CVE-2024-37658Medium6.12025-07-07An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.
CVE-2024-37657Medium6.12025-07-07An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.
CVE-2024-37656Medium6.12025-07-07An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification i…
CVE-2024-39097Medium6.12024-08-26There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.
CVE-2024-24157Medium6.12024-05-14Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py.
CVE-2024-24156Medium6.12024-03-16Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrar…
CVE-2022-30050Medium6.12022-05-16Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
CVE-2020-18663Medium6.12021-06-24Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.
CVE-2020-18661Medium6.12021-06-24Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
CVE-2018-18674Medium6.12019-11-07GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_u…
CVE-2018-18678Medium6.12019-10-30GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the ad…
CVE-2018-18668Medium6.12019-08-26GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_for…
CVE-2018-18676Medium6.12019-07-23GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board…