Description
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
Remediation
References
Related Vulnerabilities
WordPress Plugin CallRail Phone Call Tracking Cross-Site Request Forgery (0.4.9)
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)
ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003)
Oracle Database Server CVE-2011-0816 Vulnerability (CVE-2011-0816)