4 matches found
Cross-Site Request Forgery (CSRF)
phpbb is vulnerable to cross-site request forgery CSRF. The CSRF token is not properly verified in includes/acp/acpbbcodes.php, which would allow a remote attacker to perform an action on behalf of the user upon visiting of a malicious site. The exploit is possible through the retrieval of sessio...
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
CVE-2019-13376
CVE-2019-13376 affects phpBB version 3.2.7. The vulnerability arises from CSRF in the Remote Avatar feature, enabling token hijacking that can steal an Administration Control Panel session ID and leads to stored XSS. The connected documents corroborate the affected component and the root cause (C...
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...