CVE-2015-1432
Published 2015-02-10
Priority: P4 · 30 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.11% (61.9th percentile)
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb | phpbb | <= 3.0.12 | — |
| phpbb3 | phpbb3 | >= 0 < 3.0.12-1ubuntu0.1~esm1 | 3.0.12-1ubuntu0.1~esm1 |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
GHSA
GHSA-m45m-xf2m-pmfw: The message_options function in includes/ucp/ucp_pm_options
ghsa_unreviewed·2022-05-17
CVE-2015-1432 [MEDIUM] CWE-352 GHSA-m45m-xf2m-pmfw: The message_options function in includes/ucp/ucp_pm_options
OSV
CVE-2015-1432: The message_options function in includes/ucp/ucp_pm_options
osv·2015-02-10·CVSS 6.8
CVE-2015-1432 [MEDIUM] CVE-2015-1432: The message_options function in includes/ucp/ucp_pm_options
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/oss-sec/2015/q1/373
http://www.securityfocus.com/bid/72399
https://exchange.xforce.ibmcloud.com/vulnerabilities/100671
https://github.com/phpbb/phpbb/commit/23069a13e203985ab124d1139e8de74b12778449
https://github.com/phpbb/phpbb/pull/3311
https://security.gentoo.org/glsa/201701-25
https://tracker.phpbb.com/browse/PHPBB3-13526
https://wiki.phpbb.com/Release_Highlights/3.0.13
Published: 2015-02-10