vulnerability
Ubuntu: (CVE-2019-13376): phpbb3 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 27, 2019 | Nov 19, 2024 | Aug 19, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Sep 27, 2019
Added
Nov 19, 2024
Modified
Aug 19, 2025
Description
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
Solution
ubuntu-pro-upgrade-phpbb3
References
- CVE-2019-13376
- https://attackerkb.com/topics/CVE-2019-13376
- CWE-352
- CWE-79
- URL-https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
- URL-https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
- URL-https://www.cve.org/CVERecord?id=CVE-2019-13376
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.