CVE-2008-7143
phpBB 2.0.23 is affected. When a moderator/administrator closes a thread, the session ID can be exposed in a Referer header during a post that includes a URL to a remotely hosted image, enabling remote attackers to hijack the user session. The NVD entry lists CVSS v2 metrics: AV:N/AC:M/Au:N/C:P/I...