CSRF Vulnerability in phpBB 3.2.7 Allows Unauthorized Deletion of Post Attachments
CVE-2019-16107

4.3MEDIUM

Key Information:

Vendor: PHPbb
Status: PHPbb
Vendor: CVE Published:; 11 March 2020

What is CVE-2019-16107?

In phpBB version 3.2.7, a security flaw exists due to the absence of adequate form token validation, which could allow an attacker to exploit the system via Cross-Site Request Forgery (CSRF). This vulnerability permits unauthorized deletion of post attachments, potentially leading to data loss and compromised user accounts. Users of affected versions are encouraged to apply the latest updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.phpbb.com/community/viewforum.php?f=14

x_refsource_MISC

https://www.phpbb.com/community/viewtopic.php?t=2523271

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2020
Vulnerability Reserved
Sep 8, 2019

JSON

PHPbb

What is CVE-2019-16107?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.