Published: 10/02/2015 Updated: 08/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The message_options function in includes/ucp/ucp_pm_options.php in phpBB prior to 3.0.13 does not properly validate the form key, which allows remote malicious users to conduct CSRF attacks and change the full folder setting via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpbb phpbb

Debian Bug report logs - #776699 phpbb3: CVE-2015-1431/CVE-2015-1432: CSRF and CSS injection Package: phpbb3; Maintainer for phpbb3 is phpBB packaging team <phpbb-l@listsa-eskwadraatnl>; Source for phpbb3 is src:phpbb3 (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Sat, 31 Jan 2015 12:36:01 UTC ...

CWE-352 https://github.com/phpbb/phpbb/pull/3311 https://github.com/phpbb/phpbb/commit/23069a13e203985ab124d1139e8de74b12778449 http://www.securityfocus.com/bid/72399 https://wiki.phpbb.com/Release_Highlights/3.0.13 https://tracker.phpbb.com/browse/PHPBB3-13526 http://seclists.org/oss-sec/2015/q1/373 https://security.gentoo.org/glsa/201701-25 https://exchange.xforce.ibmcloud.com/vulnerabilities/100671 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776699 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1432

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect