Описание
phpBB Cross-Site Request Forgery (CSRF)
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
Пакеты
Наименование
phpbb/phpbb
composer
Затронутые версииВерсия исправления
<= 3.2.7
3.2.8
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 6 лет назад
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
CVSS3: 6.5
nvd
больше 6 лет назад
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
CVSS3: 6.5
debian
больше 6 лет назад
phpBB version 3.2.7 allows the stealing of an Administration Control P ...