CVE-2015-1432
PUBLISHED
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.
EPSS 0.51% · 66.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | phpbb3 | 0, 3.0.11-5, 3.0.12-1 |
Exploit Intelligence
- [oss-security] 20150131 Re: CVE request: phpbb3 CSRF and CSS injection (circl)
- https://wiki.phpbb.com/Release_Highlights/3.0.13 (circl)
- GLSA-201701-25 (circl)
- phpbb3-cve20151432-csrf(100671) (circl)
- https://github.com/phpbb/phpbb/commit/23069a13e203985ab124d1139e8de74b12778449 (circl)
- https://github.com/phpbb/phpbb/pull/3311 (circl)
- 72399 (circl)
- https://tracker.phpbb.com/browse/PHPBB3-13526 (circl)
Timeline
- Feb 10, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-1432 third-party-advisory
- https://tracker.phpbb.com/browse/PHPBB3-13526 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-1432 third-party-advisory