Lucene search
MitreCVELIST:CVE-2015-1432HistoryFeb 10, 2015 - 5:00 p.m.
CVE-2015-1432
2015-02-1017:00:00
mitre
www.cve.org
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.
References
seclists.org/oss-sec/2015/q1/373
www.securityfocus.com/bid/72399
exchange.xforce.ibmcloud.com/vulnerabilities/100671
github.com/phpbb/phpbb/commit/23069a13e203985ab124d1139e8de74b12778449
github.com/phpbb/phpbb/pull/3311
security.gentoo.org/glsa/201701-25
tracker.phpbb.com/browse/PHPBB3-13526
wiki.phpbb.com/Release_Highlights/3.0.13
Related
nvd
nvd
CVE-2015-1432
2015-02-10 17:59:01
cve
cve
CVE-2015-1432
2015-02-10 17:59:01
ubuntucve
ubuntucve
CVE-2015-1432
2015-02-10 00:00:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2017-07-30 19:44:33
prion
prion
Cross site request forgery (csrf)
2015-02-10 17:59:00
nessus
nessus
GLSA-201701-25 : phpBB: Multiple vulnerabilities
2017-01-12 00:00:00
gentoo
gentoo
phpBB: Multiple vulnerabilities
2017-01-11 00:00:00