CVE-2019-16108: Code Injection
First published: Thu Mar 19 2020(Updated: )
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phpbb Phpbb | =3.2.7 | |
| composer/phpbb/phpbb | =3.2.7 | 3.2.8 |
| =3.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for phpBB 3.2.7?
The vulnerability ID for phpBB 3.2.7 is CVE-2019-16108.
What is the severity level of CVE-2019-16108?
The severity level of CVE-2019-16108 is high.
How does CVE-2019-16108 impact phpBB?
CVE-2019-16108 allows an attacker to add an arbitrary CSS token sequence to a page through BBCode, potentially leading to CSS injection and various types of attacks.
How can I fix the vulnerability in phpBB 3.2.7?
To fix the vulnerability in phpBB 3.2.7, it is recommended to update to a version that addresses the issue.
Where can I find more information about CVE-2019-16108?
You can find more information about CVE-2019-16108 at https://www.phpbb.com/community/viewtopic.php?t=2523271.
- collector/nvd-index
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-8hc2-hvrc-x4qr
- alias/CVE-2019-16108
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/trending
- vendor/phpbb
- canonical/phpbb phpbb
- version/phpbb phpbb/3.2.7
- package-manager/composer