Description
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.
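The leak condition described above can be checked on a rendered page. This is an added example, not code from phpBB or from this advisory. It assumes the session ID travels in a query parameter named `sid`, and the URL and HTML are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

SESSION_PARAMS = {"sid"}  # assumption: query parameter that carries the session ID
# Referrer-Policy values that never send the query string to another origin.
STRIPPING_POLICIES = {
    "no-referrer", "same-origin", "origin", "strict-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin",
}

class ImageSources(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)

def referer_leak_hosts(page_url, html, referrer_policy=""):
    """Return external image hosts that would see the session ID in Referer."""
    page = urlsplit(page_url)
    if not SESSION_PARAMS & set(parse_qs(page.query)):
        return []  # no session ID in the URL, nothing to leak
    # No explicit policy is treated as leaking: older browsers send the full URL.
    # Conservative: the HTTPS-to-HTTP downgrade case is not modelled.
    if referrer_policy.strip().lower() in STRIPPING_POLICIES:
        return []
    parser = ImageSources()
    parser.feed(html)
    hosts = set()
    for src in parser.sources:
        host = urlsplit(src).hostname  # None for relative (same-site) URLs
        if host and host != page.hostname:
            hosts.add(host)
    return sorted(hosts)

# Constructed sample: a moderator page URL with a session ID and a thread body.
SAMPLE_URL = "http://forum.example/modcp.php?t=42&sid=0123456789abcdef0123456789abcdef"
SAMPLE_HTML = (
    '<img src="templates/icon.gif">'
    '<img src="http://images.example.net/a.png">'
    '<img src="//cdn.example.org/b.png">'
)

if __name__ == "__main__":
    print(referer_leak_hosts(SAMPLE_URL, SAMPLE_HTML))
```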
Remediation
References