Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpBB 跨站请求伪造漏洞
Vulnerability Description
phpBB是一套开源的且基于PHP语言的Web论坛软件。该软件具有支持多国语言、多种数据库和自定义版面设计等特点。 phpBB 3.1.7-PL1之前版本中存在跨站请求伪造漏洞。该漏洞源于‘includes/acp/acp_bbcodes.php’文件没有正确验证位于管理控制面板BBCode页面上的CSRF令牌。攻击者可利用该漏洞发送格式错误的HTTP请求。
CVSS Information
N/A
Vulnerability Type
N/A