Cross-Site Request Forgery in phpBB 2.0.22 Private Message Feature
CVE-2008-0471

Currently unrated

Key Information:

Vendor

PHPbb

Status
PHPbb
Vendor
CVE Published:
29 January 2008

What is CVE-2008-0471?

A vulnerability exists in the phpBB 2.0.22 platform that permits remote attackers to execute cross-site request forgery attacks. Specifically, the flaw lies within the privmsg.php file, where an attacker can initiate actions to delete private messages (PM) as any user without their consent. This malicious action can occur through a deceitful request that exploits the lack of adequate verification, making it crucial for phpBB users to implement security measures to mitigate potential unauthorized message deletions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/28871
third-party-advisoryx_refsource_SECUNIA
http://securityreason.com/securityalert/3585
third-party-advisoryx_refsource_SREASON
http://www.debian.org/security/2008/dsa-1488
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.