CVE-2006-0438

Name of the Vulnerable Software and Affected Versions phpBB version 2.0.19

Description A cross-site request forgery (CSRF) issue exists when Link to off-site Avatar or bbcode (IMG) are enabled, allowing remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag in a user profile. This can be achieved by using links to API endpoints such as "admin/admin users.php" and "modcp.php".

Recommendations For phpBB version 2.0.19, consider disabling the Link to off-site Avatar or bbcode (IMG) features until a patch is available to prevent exploitation of this issue. Restrict access to sensitive API endpoints, such as "admin/admin users.php" and "modcp.php", to minimize the risk of unauthorized actions.