CSRF Vulnerability in phpBB Affects Group Avatar Modification
CVE-2020-5501

4.3MEDIUM

Key Information:

Vendor: PHPbb
Status: PHPbb
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-5501?

The vulnerability allows attackers to perform unauthorized actions on behalf of an authenticated user in phpBB 3.2.8, specifically enabling modifications to group avatars. By exploiting this flaw, a malicious user can deceive victims into executing unintended commands, potentially compromising the integrity of the web application.

References

https://blog.phpbb.com/category/security/

x_refsource_MISC

https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Jan 5, 2020

CVE-2020-5501 Data

JSON

PHPbb

What is CVE-2020-5501?

References

CVSS V3.1

Timeline