PblangCVEs & Vulnerabilities

11 CVEs affecting Pblang products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

pblang 23
CVE-2007-3096MEDIUMpoc

Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

7 Jun 2007
6.8
CVSS
CVE-2007-1052CRITICAL

PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation

22 Feb 2007
10.0
CVSS
CVE-2006-5062HIGHpoc

PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.

28 Sep 2006
7.5
CVSS
CVE-2005-3919MEDIUMpoc

Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php.

30 Nov 2005
4.3
CVSS
CVE-2005-2893HIGH

Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login.

14 Sep 2005
7.5
CVSS
CVE-2005-2894MEDIUM

Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field.

14 Sep 2005
4.3
CVSS
CVE-2005-2895MEDIUM

setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message.

14 Sep 2005
5.0
CVSS
CVE-2005-2892MEDIUMpoc

Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.

14 Sep 2005
5.0
CVSS
CVE-2005-0526MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php.

2 May 2005
4.3
CVSS
CVE-2005-0630LOW

sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.

1 Mar 2005
2.1
CVSS
CVE-2005-0631LOW

delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.

1 Mar 2005
2.1
CVSS
← PrevPage 1 / 1Next →