Lucene search

2180 matches found

Cvelist | added 2019/11/13 11:5 p.m. | 23 views

CVE-2011-0544

phpbb 3.0.x-3.0.6 has an XSS vulnerability via the flash BB tag...

AI score: 6.1 | EPSS: 0.00339
Exploits: 0 | References: 2

CVE | added 2019/11/13 11:5 p.m. | 61 views

CVE-2011-0544

CVE-2011-0544 affects phpBB 3.0.x–3.0.6 with an XSS vulnerability via the [flash] BB tag. The available documents consistently identify this issue in phpBB 3.0.x–3.0.6, but provide no explicit root-cause details, affected components beyond the flash tag, exploit status, or remediation (patch/ver...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00339
Exploits: 0 | References: 2 | Affected Software: 1

CNVD | added 2019/11/08 12:0 a.m. | 2 views

phpBB Cross-Site Request Forgery Vulnerability (CNVD-2020-17197)

phpBB is a set of open source and PHP-based Web forum software. The software has support for multiple languages, multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB. An attacker can exploit this vulnerability to send a malformed HTTP...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00222
Exploits: 0 | References: 1

CNVD | added 2019/10/08 12:0 a.m. | 0 views

phpBB cross-site request forgery vulnerability (CNVD-2019-34464)

phpBB is a set of open source and PHP-based Web forum software. The software has support for multiple languages, multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB, which arises from a WEB application that does not adequately validate...

AI score: 7
Exploits: 0 | References: 1

Veracode | added 2019/10/01 3:47 a.m. | 22 views

Cross-Site Request Forgery (CSRF)

phpbb is vulnerable to cross-site request forgery (CSRF). The CSRF token is not properly verified in includes/acp/acpbbcodes.php, which would allow a remote attacker to perform an action on behalf of the user upon visiting of a malicious site. The exploit is possible through the retrieval of sessio...

CVSS: 8.8 | AI score: 3.3 | EPSS: 0.00222
Exploits: 1 | References: 7 | Affected Software: 1

Tenable Nessus | added 2019/10/01 12:0 a.m. | 37 views

Debian DLA-1942-2 : phpbb3 regression update

CVE-2019-16993 In phpBB, includes/acp/acpbbcodes.php had improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack was possible if an attacker also managed to retrieve the session id of a reauthenticated administrator prior to targeting...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.00222
Exploits: 0 | References: 4

OpenVAS | added 2019/10/01 12:0 a.m. | 73 views

phpBB < 3.1.7-PL1 CSRF Vulnerability

phpBB is prone to a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb";...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00222
Exploits: 0 | References: 2

OSV | added 2019/09/30 12:15 p.m. | 15 views

CVE-2019-16993

In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...

CVSS: 8.8 | AI score: 8.6
Exploits: 0 | References: 5

NVD | added 2019/09/30 12:15 p.m. | 16 views

CVE-2019-16993

In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00222
Exploits: 0 | References: 5

OSV | added 2019/09/30 12:15 p.m. | 0 views

UBUNTU-CVE-2019-16993

In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00222
Exploits: 0 | References: 5

UbuntuCve | added 2019/09/30 12:15 p.m. | 19 views

CVE-2019-16993

In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00222
Exploits: 0 | References: 4

Prion | added 2019/09/30 12:15 p.m. | 10 views

Cross site request forgery (csrf)

In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...

CVSS: 6.8 | AI score: 8.5 | EPSS: 0.00222
Exploits: 0 | References: 5 | Affected Software: 2

CVE | added 2019/09/30 11:30 a.m. | 127 views

CVE-2019-16993

CVE-2019-16993 affects phpBB

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00222
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist | added 2019/09/30 11:30 a.m. | 21 views

CVE-2019-16993

In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...

AI score: 8.6 | EPSS: 0.00222
Exploits: 0 | References: 5

Veracode | added 2019/09/30 3:22 a.m. | 26 views

Session Token In URL

PhpBB sends the session token via a GET parameter in the URL. Due to the way phpbb works, having the session ID is not enough for a remote attacker to gain access to the application since the session tokens are tied to an IP address. However, with knowledge of the administrator's session ID, the...

CVSS: 6.5 | AI score: 1.8 | EPSS: 0.00057
Exploits: 1 | References: 4 | Affected Software: 2

NVD | added 2019/09/27 1:15 p.m. | 20 views

CVE-2019-13376

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00057
Exploits: 1 | References: 2

UbuntuCve | added 2019/09/27 1:15 p.m. | 14 views

CVE-2019-13376

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00057
Exploits: 1 | References: 3

Prion | added 2019/09/27 1:15 p.m. | 22 views

Cross site request forgery (csrf)

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00057
Exploits: 1 | References: 2 | Affected Software: 1

OSV | added 2019/09/27 1:15 p.m. | 2 views

UBUNTU-CVE-2019-13376

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00057
Exploits: 1 | References: 4

CVE | added 2019/09/27 12:8 p.m. | 64 views

CVE-2019-13376

CVE-2019-13376 affects phpBB version 3.2.7. The vulnerability arises from CSRF in the Remote Avatar feature, enabling token hijacking that can steal an Administration Control Panel session ID and leads to stored XSS. The connected documents corroborate the affected component and the root cause (C...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00057
Exploits: 1 | References: 2 | Affected Software: 1