PT-2015-5283 · Phpbb Limited · Phpbb
Fbneal
+1
·
Publicado
2015-02-10
·
Atualizado
2017-09-08
·
CVE-2015-1432
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpBB versions prior to 3.0.13
Description
The issue concerns the message options function in includes/ucp/ucp pm options.php, which does not properly validate the form key. This allows remote attackers to conduct CSRF attacks and change the full folder setting.
Recommendations
For versions prior to 3.0.13, update to version 3.0.13 or later to resolve the issue.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Phpbb