In phpBB prior to 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpbb phpbb |
||
debian debian linux 8.0 |