Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpBB Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-1432 - Vulnerability Database
phpBB

phpBB Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-1432

Medium
Reference: CVE-2015-1432
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-1432
Title: phpBB Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.