Cross-Site Request Forgery in phpBB Affects Version Before 3.0.13
CVE-2015-1432

Currently unrated

Key Information:

Vendor

PHPbb

Status
PHPbb
Vendor
CVE Published:
10 February 2015

What is CVE-2015-1432?

The message_options function in phpBB versions before 3.0.13 lacks proper validation for the form key, which opens the door to Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows remote attackers to alter user settings, including the full folder setting, without the user's consent. The exploitation occurs through unspecified vectors, posing a risk to site integrity and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/oss-sec/2015/q1/373
mailing-listx_refsource_MLIST
https://wiki.phpbb.com/Release_Highlights/3.0.13
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201701-25
vendor-advisoryx_refsource_GENTOO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.