GCVE - cpe:2.3:a:phpbb:phpbb:2.0.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:phpbb:phpbb:2.0.3:*:*:*:*:*:*:*

part: a version: 2.0.3 update: *

Vendor	Phpbb (`3b8545c5-ebe8-5695-b55a-b077792aa8a9`)
Product	Phpbb (`02c687c8-c390-5ec1-b1ce-9e7958426c2f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/phpbb/phpbb`	purl2cpe	2026-06-01 10:11:51.879526
`pkg:rpm/opensuse/phpbb`	purl2cpe	2026-06-01 10:11:51.879528

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-6506`	vulnerable	2026-06-03 14:29:13.570739	Details available Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. Published: 2009-03-23T16:00:00.000Z Updated: 2024-08-07T11:34:47.109Z Open on db.gcve.eu Reference links http://www.phpbb.com/community/viewtopic.php?f=14&t=1352565 http://secunia.com/advisories/33166 http://www.securityfocus.com/bid/32842 http://www.phpbb.com/support/documents.php?mode=changelog&version=3#v303 http://www.openwall.com/lists/oss-security/2009/02/06/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-1530`	vulnerable	2026-06-03 14:26:33.599274	Details available SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter. Published: 2007-11-08T20:00:00.000Z Updated: 2024-08-08T02:35:16.520Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/6634 http://www.securityfocus.com/archive/1/307212/30/26300/threaded http://secunia.com/advisories/7887/ http://archives.neohapsis.com/archives/bugtraq/2003-01/0125.html http://www.osvdb.org/4277	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2346`	vulnerable	2026-06-03 14:26:23.845710	Details available phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. Published: 2007-10-29T19:00:00.000Z Updated: 2024-09-16T23:20:37.695Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/10323.php http://online.securityfocus.com/archive/1/294560 http://www.securityfocus.com/bid/5923	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2255`	vulnerable	2026-06-03 14:26:23.608156	Details available Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode. Published: 2007-10-14T20:00:00.000Z Updated: 2024-08-08T03:59:11.686Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/6311 https://exchange.xforce.ibmcloud.com/vulnerabilities/10773 http://archives.neohapsis.com/archives/bugtraq/2002-12/0053.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.