Vulnerabilities > CVE-2006-0438 - Cross-Site Request Forgery vulnerability in phpBB

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

phpbb-group

NVD

Published: 2006-02-06

Updated: 2017-07-20

Summary

Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.

Vulnerable Configurations

Part	Description	Count
Application	Phpbb_Group Phpbb Group Phpbb 2.0.0 Phpbb Group Phpbb 2.0.1 Phpbb Group Phpbb 2.0.2 Phpbb Group Phpbb 2.0.3 Phpbb Group Phpbb 2.0.4 Phpbb Group Phpbb 2.0.5 Phpbb Group Phpbb 2.0.6 Phpbb Group Phpbb 2.0.6C Phpbb Group Phpbb 2.0.6D Phpbb Group Phpbb 2.0.7 Phpbb Group Phpbb 2.0.7A Phpbb Group Phpbb 2.0.8 Phpbb Group Phpbb 2.0.8A Phpbb Group Phpbb 2.0.9 Phpbb Group Phpbb 2.0.10 Phpbb Group Phpbb 2.0.11 Phpbb Group Phpbb 2.0.12 Phpbb Group Phpbb 2.0.13 Phpbb Group Phpbb 2.0.14 Phpbb Group Phpbb 2.0.15 Phpbb Group Phpbb 2.0.16 Phpbb Group Phpbb 2.0.17 Phpbb Group Phpbb 2.0.18 Phpbb Group Phpbb 2.0.19 Phpbb Group Phpbb 2.0_Beta1 Phpbb Group Phpbb 2.0_Rc1 Phpbb Group Phpbb 2.0_Rc2 Phpbb Group Phpbb 2.0_Rc3 Phpbb Group Phpbb 2.0_Rc4	29

Packetstorm

data source	https://packetstormsecurity.com/files/download/43590/phpBB2.0.19.txt
id	PACKETSTORM:43590
last seen	2016-12-05
published	2006-02-06
reporter	Maksymilian Arciemowicz
source	https://packetstormsecurity.com/files/43590/phpBB2.0.19.txt.html
title	phpBB2.0.19.txt

Summary

Vulnerable Configurations

Packetstorm

References