CVE-2020-5501Cross-Site Request Forgery in Phpbb

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 71.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpbb
Timeline
PublishedJan 15
Latest updateMay 24

Description

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

Packagistphpbb/phpbb3.2.83.2.9
NVDphpbb/phpbb3.2.8

🔴Vulnerability Details

2
OSV
phpBB Cross-Site Request Forgery (CSRF)2022-05-24
GHSA
phpBB Cross-Site Request Forgery (CSRF)2022-05-24