Information on source package phpbb3

Available versions

ReleaseVersion
jessie3.0.12-5+deb8u1
jessie (security)3.0.12-5+deb8u4

Open issues

BugjessieDescription
CVE-2019-11767vulnerable (no DSA, postponed)Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...

Resolved issues

BugDescription
TEMP-0570011-670DB5phpbb3 weak captcha
TEMP-0000000-812BACphpbb 3.0.7 permissions bypass
CVE-2019-9826The fulltext search component in phpBB before 3.2.6 allows Denial of S ...
CVE-2019-16993In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper v ...
CVE-2019-13376phpBB version 3.2.7 allows the stealing of an Administration Control P ...
CVE-2018-19274Passing an absolute path to a file_exists check in phpBB before 3.2.4 ...
CVE-2017-1000419phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar functio ...
CVE-2015-3880Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3. ...
CVE-2015-1432The message_options function in includes/ucp/ucp_pm_options.php in php ...
CVE-2015-1431Cross-site scripting (XSS) vulnerability in includes/startup.php in ph ...
CVE-2013-5724Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permis ...
CVE-2011-0544phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. ...
CVE-2010-1630Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unk ...
CVE-2010-1627feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permi ...
CVE-2008-6507Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ob ...
CVE-2008-6506Unspecified vulnerability in phpBB before 3.0.4 allows attackers to by ...
CVE-2008-4125The search function in phpBB 2.x provides a search_id value that leaks ...
CVE-2008-3224Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...
CVE-2008-1766Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknow ...

Security announcements

DSA / DLADescription
DLA-1942-2phpbb3 - security update
DLA-1942-1phpbb3 - security update
DLA-1775-1phpbb3 - security update
DLA-1593-1phpbb3 - security update
DSA-2752-1phpbb3 - too wide permissions

Search for package or bug name: Reporting problems