Description

Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

Remediation

References

CVE-2008-0471

Related Vulnerabilities

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9405)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17571)

MySQL CVE-2019-2879 Vulnerability (CVE-2019-2879)

WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (1.2.0)

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5485)

Severity

Medium

Classification

CVE-2008-0471 CWE-352

Tags

Missing Update Known Vulnerabilities