Description

feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.

Remediation

References

CVE-2010-1627

Related Vulnerabilities

WordPress Plugin Affiliate Ads for Clickbank Products Cross-Site Scripting (1.6)

WordPress Plugin PowerPack Lite for Beaver Builder Cross-Site Scripting (1.3.0)

WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2)

WordPress Plugin wpCentral Security Bypass (1.4.7)

Drupal Core 6.x Security Bypass (6.0 - 6.1)

Severity

Medium

Classification

CVE-2010-1627 CWE-264

Tags

Missing Update Known Vulnerabilities