MxbbCVEs & Vulnerabilities

16 CVEs affecting Mxbb products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

kb mods 2mxbb portal 2modsdb 1mxbb 1mxbb charts 1mxbb faq 1mxbb meeting 1mxbb newssuite 1
CVE-2007-5178MEDIUMpoc

contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.

3 Oct 2007
6.8
CVSS
CVE-2007-2493CRITICALpoc

PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

4 May 2007
10.0
CVSS
CVE-2007-2313HIGHpoc

PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

27 Apr 2007
7.5
CVSS
CVE-2006-6650MEDIUMpoc

PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

20 Dec 2006
6.8
CVSS
CVE-2006-6644MEDIUMpoc

PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

20 Dec 2006
6.8
CVSS
CVE-2006-6645HIGHpoc

PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

20 Dec 2006
7.5
CVSS
CVE-2006-6615HIGHpoc

PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

18 Dec 2006
7.5
CVSS
CVE-2006-6568CRITICALpoc

Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.

15 Dec 2006
10.0
CVSS
CVE-2006-6567CRITICALpoc

PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

15 Dec 2006
10.0
CVSS
CVE-2006-6566HIGHpoc

PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

15 Dec 2006
7.5
CVSS
CVE-2006-6560HIGHpoc

PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

14 Dec 2006
7.5
CVSS
CVE-2006-6553HIGHpoc

PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

14 Dec 2006
7.5
CVSS
CVE-2006-6295MEDIUMpoc

PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

5 Dec 2006
6.8
CVSS
CVE-2006-6065MEDIUMpoc

PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

22 Nov 2006
5.1
CVSS
CVE-2006-5803HIGH

PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

8 Nov 2006
7.5
CVSS
CVE-2006-2361HIGHpoc

PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

15 May 2006
7.5
CVSS
← PrevPage 1 / 1Next →