PT-2019-14914 · Phpbb Limited · Phpbb
Published: 2019-09-30 · Updated: 2022-05-24 · CVE-2019-16993
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
phpBB versions prior to 3.1.7-PL1
Description
The CSRF token is not properly verified on the BBCode page in the Administration Control Panel. This could allow a CSRF attack if the attacker also obtains the session ID of a reauthenticated administrator.
Recommendations
For versions prior to 3.1.7-PL1, update to version 3.1.7-PL1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Administration Control Panel to minimize the risk of exploitation.
Fix
CSRF
Affected Products
Phpbb