Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2008-7143 - Vulnerability Database
phpBB

phpBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2008-7143

Medium
Reference: CVE-2008-7143
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2008-7143
Title: phpBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image which might include the session ID in the Referer header.