📦

minibb

Vendor: minibb

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 11 Code Available
Total RCEs 0 Remote Access
Total CVEs 20 Total Indexed
Avg. EPSS 3.39% Exploit Prob.
Latest CVE CVE-2018-6506 Feb 12

Security Vulnerability Index

Page 2 / 2
7.5 CVSS
CVE-2007-2317
Exploit Found

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.

EPSS: 7.64%
7.5 CVSS
CVE-2006-5674

Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin.

EPSS: 0.74%
6.8 CVSS
CVE-2006-5673
Exploit Found

PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.

EPSS: 11.95%
7.5 CVSS
CVE-2006-3955
Exploit Found

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.

EPSS: 8.01%
7.5 CVSS
CVE-2004-2456
Exploit Found

SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.

EPSS: 1.23%