DSA-1488 phpbb2 -- several vulnerabilitiesID: oval:org.mitre.oval:def:8028 | Date: (C)2009-12-15 (M)2021-09-12 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in phpBB, a web based bulletin board. The Common Vulnerabilities and Exposures project identifies the following problems: Private messaging allowed cross site request forgery, making it possible to delete all private messages of a user by sending them to a crafted web page. Cross site request forgery enabled an attacker to perform various actions on behalf of a logged in user. (Applies to sarge only.) A negative start parameter could allow an attacker to create invalid output. (Applies to sarge only.) Redirection targets were not fully checked, leaving room for unauthorised external redirections via a phpBB forum. (Applies to sarge only.) An authenticated forum administrator may upload files of any type by using specially crafted filenames. (Applies to sarge only.)
Platform: |
Debian 4.0 |
Debian 3.1 |