Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpbb 信息泄露漏洞
Vulnerability Description
phpBB是一个开放源代码的网络论坛系统,使用PHP作为程序语言,并支持如MySQL、 PostgreSQL、MSSQL、Microsoft Access与Oracle[1]等的资料库. Phpbb存在信息泄露漏洞。当moderator或管理员关闭一个线程时,phpBB 2.0.23版本将会话ID包含在对modcp.php的请求中,这使得远程攻击者可以借助包含对远程主机图像的URL的thread中的一个存储,劫持会话。它可能将会话id包含在Referer头中。
CVSS Information
N/A
Vulnerability Type
N/A