PT-2020-20038 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 3.2.10 phpBB versions prior to 3.3.1 Description: A vulnerability exists that allows the remote image dimensions check to be used for Server-Side Request Forgery SSRF. Recommendations: For versions prior to 3.2.10,...

phpBB < 3.2.10, 3.3.0 Multiple Vulnerabilities

phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; ifdescription...

Vulnerability which allows remote image dimensions check to be used to SSRF

More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...

Vulnerability which allows remote image dimensions check to be used to SSRF

More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

Code injection

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

phpBB Injection Vulnerability

phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. phpBB 3.2.7 version of an injection vulnerability , the vulnerability stems from the program fails to validate the BBCode paramete...

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

CVE-2019-16108

Summary (CVE-2019-16108): phpBB 3.2.7 is vulnerable to CSS injection via BBCode that can inject an arbitrary CSS token sequence into a page. The root cause is insecure handling/validation of BBCode parameters, enabling an attacker to alter page styling. The vulnerability affects phpBB 3.2.7; no e...

phpBB Cross-Site Request Forgery Vulnerability (CNVD-2020-19555)

phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB 3.2.7, which can be exploited by attackers to delete post attachments...

CVE-2019-16107

Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...

CVE-2019-16107

Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...

Cross site request forgery (csrf)

Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...

CVE-2019-16107

phpBB 3.2.7 is vulnerable to Cross-Site Request Forgery (CSRF) due to missing form token validation when deleting post attachments. This CVE-2019-16107 is corroborated by Red Hat, OSV, GHSA, CNVD/NVD, and CVE listings. The available sources describe the issue and affected behavior but do not prov...

CVE-2019-16107

Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...

phpBB cross-site request forgery vulnerability (CNVD-2020-03224)

phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB. An attacker can use this vulnerability to modify the group avatar...

phpBB cross-site request forgery vulnerability (CNVD-2020-03226)

phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB. An attacker can exploit this vulnerability to approve the identity of...

Cross-Site Request Forgery (CSRF)

phpbb/phpbb is vulnerable to cross-site request forgery CSRF. The vulnerability exists as an invalid token can be used for submitting new avatars in ucp/ucpgroups.php...

Cross-Site Request Forgery (CSRF)

phpBB/phpbb is vulnerable to cross-site request forgery CSRF. A remote attacker is able to approve pending group memberships on behalf of the administrator. The vulnerability exists as the application does not validate and verify the authenticity of requests...