CVE-2020-5502 — Cross-Site Request Forgery in Phpbb

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 71.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

1

Timeline

PublishedJan 15

Latest updateMay 24

Description

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Packagistphpbb/phpbb< 3.2.9

▶NVDphpbb/phpbb3.2.8

🔴Vulnerability Details

2

OSV

phpBB allows CSRF↗2022-05-24

▶

GHSA

phpBB allows CSRF↗2022-05-24

▶