First published: Wed Mar 11 2020(Updated: )
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phpbb Phpbb | =3.2.7 | |
composer/phpbb/phpbb | =3.2.7 | 3.2.8 |
=3.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-16107 is medium with a CVSS score of 4.3.
CVE-2019-16107 affects phpBB version 3.2.7.
CVE-2019-16107 is a vulnerability that allows CSRF in deleting post attachments due to missing form token validation in phpBB 3.2.7.
To fix CVE-2019-16107, upgrade phpBB to a version that includes the necessary form token validation.
You can find more information about CVE-2019-16107 on the phpBB community forums and the phpBB topic linked in the references.