CVE-2003-1530
phpBB <= 2.0.3 - SQL Injection via privmsg.php mark[] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-1530. PoCs published by Ulf Harnhammar.
AI-analyzed exploit summary This exploit leverages a SQL injection vulnerability in phpBB2 to delete the text of all private messages by manipulating URI parameters. It sends a crafted HTTP POST request to the target host with a malicious SQL payload.
Description
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ulf Harnhammar · perlwebappsphp
https://www.exploit-db.com/exploits/22182
This exploit leverages a SQL injection vulnerability in phpBB2 to delete the text of all private messages by manipulating URI parameters. It sends a crafted HTTP POST request to the target host with a malicious SQL payload.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
phpBB2
Auth required
Prerequisites:
Target host running phpBB2 · Valid session ID (sid)
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6634
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/307212/30/26300/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/7887/
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-01/0125.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4277
Scores
EPSS
0.0106
EPSS Percentile
60.1%
Details
CWE
CWE-89
Status
published
Products (1)
phpbb/phpbb
2.0.3
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026