Vulnerabilities > CVE-2006-0438 - Unspecified vulnerability in PHPbb Group PHPbb

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phpbb-group

NVD

Published: 2006-02-06

Updated: 2024-11-21

Summary

Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.

Vulnerable Configurations

Part	Description	Count
Application	Phpbb_Group Phpbb Group Phpbb 2.0.5 Phpbb Group Phpbb 2.0.7A Phpbb Group Phpbb 2.0.8 Phpbb Group Phpbb 2.0.11 Phpbb Group Phpbb 2.0.1 Phpbb Group Phpbb 2.0.13 Phpbb Group Phpbb 2.0.16 Phpbb Group Phpbb 2.0.3 Phpbb Group Phpbb 2.0_Rc2 Phpbb Group Phpbb 2.0_Rc1 Phpbb Group Phpbb 2.0.19 Phpbb Group Phpbb 2.0.4 Phpbb Group Phpbb 2.0.12 Phpbb Group Phpbb 2.0.9 Phpbb Group Phpbb 2.0.7 Phpbb Group Phpbb 2.0.8A Phpbb Group Phpbb 2.0.6D Phpbb Group Phpbb 2.0.2 Phpbb Group Phpbb 2.0.14 Phpbb Group Phpbb 2.0.10 Phpbb Group Phpbb 2.0.6C Phpbb Group Phpbb 2.0.15 Phpbb Group Phpbb 2.0_Rc4 Phpbb Group Phpbb 2.0.6 Phpbb Group Phpbb 2.0.0 Phpbb Group Phpbb 2.0.17 Phpbb Group Phpbb 2.0_Rc3 Phpbb Group Phpbb 2.0.18 Phpbb Group Phpbb 2.0_Beta1	29

Packetstorm

data source	https://packetstormsecurity.com/files/download/43590/phpBB2.0.19.txt
id	PACKETSTORM:43590
last seen	2016-12-05
published	2006-02-06
reporter	Maksymilian Arciemowicz
source	https://packetstormsecurity.com/files/43590/phpBB2.0.19.txt.html
title	phpBB2.0.19.txt

Summary

Vulnerable Configurations

Packetstorm

References