CVE-2008-0471

Phpbb - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

References (6)

[Issue Tracking] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589

[Vendor Advisory] http://secunia.com/advisories/28630

[Third Party Advisory] http://secunia.com/advisories/28871

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487004/100/0/threaded

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1488

[Third Party Advisory] http://securityreason.com/securityalert/3585

Scores

EPSS 0.0024

EPSS Percentile 47.2%

Classification

CWE

CWE-352

Status draft

Affected Products (1)

phpbb/phpbb

Timeline

Published Jan 29, 2008

Tracked Since Feb 18, 2026