PT-2023-32416 · Phpbb · Phpbb
Shin24
·
Publicado
2023-11-02
·
Atualizado
2024-05-17
·
CVE-2023-5917
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
phpBB versions up to 3.3.10
Description
A problematic issue has been found in phpBB, affecting the function main of the file phpBB/includes/acp/acp icons.php of the component Smiley Pack Handler. The manipulation of the argument
pak leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue.Recommendations
For phpBB versions up to 3.3.10, upgrade to version 3.3.11 to address the issue. As a temporary workaround, consider restricting access to the vulnerable component Smiley Pack Handler until the upgrade is applied. Avoid using the argument
pak in the affected function main until the issue is resolved.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Phpbb