PT-2009-2612 · Phpbb · Phpbb

Published: 2009-09-01 · Updated: 2018-10-11 · CVE-2008-7143

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

phpBB version 2.0.23

Description

The issue allows a remote attacker to hijack a moderator's or administrator's session by means of a post in a thread that contains a URL to a remotely hosted image. When the moderator or administrator closes the thread, the request for that image might include the session ID in the Referer header. This occurs because the session ID is included in a request to "modcp.php".

Recommendations

For phpBB version 2.0.23, consider restricting access to the "modcp.php" module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using images from remote hosts in posts, especially when closing threads, to prevent potential session hijacking.
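The workaround above can be checked before a moderation action. The following is an added example, not phpBB code or part of the original advisory: it flags remotely hosted images in a thread's posts when the moderator page URL carries a session ID. The `sid` parameter name, the `[img:uid]` stored tag form, and all hosts and posts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# BBCode image tag; the optional ":uid" suffix on stored posts is an assumption.
IMG_TAG = re.compile(
    r"\[img(?::[0-9a-z]+)?\](.*?)\[/img(?::[0-9a-z]+)?\]", re.I | re.S
)


def url_carries_session(url, param="sid"):
    """True when the session ID sits in the query string of the page URL,
    which is the part a browser may copy into the Referer header."""
    return param in parse_qs(urlsplit(url).query)


def remote_images(post_text, board_host):
    """Return image URLs in a post whose host is not the board's own host."""
    found = []
    for match in IMG_TAG.finditer(post_text):
        url = match.group(1).strip()
        host = (urlsplit(url).hostname or "").lower()
        if host and host != board_host.lower():
            found.append(url)
    return found


def audit_thread(page_url, posts, board_host):
    """List (post_id, image_url) pairs that would receive the session ID
    in Referer if page_url is rendered together with these posts."""
    if not url_carries_session(page_url):
        return []
    return [(pid, url) for pid, text in posts
            for url in remote_images(text, board_host)]


# Constructed sample data (hypothetical board, posts and session value).
BOARD_HOST = "forum.example"
MOD_URL = "http://forum.example/modcp.php?t=5&mode=lock&sid=0123abcd"
POSTS = [
    (101, "Welcome [img]http://forum.example/images/smile.gif[/img]"),
    (102, "Look [img:ab12cd34ef]http://img.example.net/a.png[/img:ab12cd34ef]"),
    (103, "No images in this post."),
]

if __name__ == "__main__":
    for post_id, image_url in audit_thread(MOD_URL, POSTS, BOARD_HOST):
        print(f"post {post_id}: remote image {image_url}")
```
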

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2008-7143

Affected Products

Phpbb