vulnerability
Ubuntu: (CVE-2019-13376): phpbb3 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 27, 2019 | Nov 19, 2024 | Apr 16, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Sep 27, 2019
Added
Nov 19, 2024
Modified
Apr 16, 2026
Description
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
Solution
ubuntu-pro-upgrade-phpbb3
References
- CVE-2019-13376
- https://attackerkb.com/topics/CVE-2019-13376
- CWE-352
- CWE-79
- EUVD-EUVD-2022-2825
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-2825
- https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
- https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
- https://www.cve.org/CVERecord?id=CVE-2019-13376
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.