Phpbb Group » Phpbb » 2.0.6c : Security Vulnerabilities, CVEs, Published In 2006 (CSRF)
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.
Max CVSS
5.0
EPSS Score
2.98%
Published
2006-02-06
Updated
2017-07-20
1 vulnerabilities found