First published: Tue Jan 14 2020(Updated: )
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phpbb Phpbb | =3.2.8 | |
composer/phpbb/phpbb | =3.2.8 | 3.2.9 |
=3.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the CSRF attack on phpBB 3.2.8 is CVE-2020-5501.
CVE-2020-5501 has a severity level of medium, with a severity value of 4.3.
CVE-2020-5501 allows a CSRF attack that can modify a group avatar in phpBB 3.2.8.
To fix the CSRF vulnerability in phpBB 3.2.8, update to a version that includes a fix for the vulnerability.
You can find more information about CVE-2020-5501 in the following references: [Link 1](https://blog.phpbb.com/category/security/), [Link 2](https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536).