Phpbb Limited · Phpbb · CVE-2015-1432
**Name of the Vulnerable Software and Affected Versions**
phpBB versions prior to 3.0.13
**Description**
The issue concerns the message options function in includes/ucp/ucp pm options.php, which does not properly validate the form key. This allows remote attackers to conduct CSRF attacks and change the full folder setting.
**Recommendations**
For versions prior to 3.0.13, update to version 3.0.13 or later to resolve the issue.