Security Advisory

CVE-2019-16993

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-30 11:30:40

Last updated 2024-08-05 01:24:48

Assigner mitre

State PUBLISHED

Description

In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.

← Browse all CVEs View on cve.org ↗