Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-16107)

Description

Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.

Remediation

References

Related Vulnerabilities

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions Security Bypass (2.3.2)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30177)

Apache HTTP Server CVE-2013-2249 Vulnerability (CVE-2013-2249)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6124)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)

Severity

Medium

Classification

CVE-2019-16107 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities