CVE-2015-1432: Cross-Site Request Forgery in phpBB

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.5% (top 33.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 10
Latest update: May 17

Description

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Ubuntu: phpbb3/phpbb3 < 3.0.12-1ubuntu0.1~esm1
NVD: phpbb/phpbb 3.0.12

Vulnerability Details (2)

GHSA (2022-05-17): GHSA-m45m-xf2m-pmfw: The message_options function in includes/ucp/ucp_pm_options
OSV (2015-02-10): CVE-2015-1432: The message_options function in includes/ucp/ucp_pm_options