CVE-2019-16993

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-16993
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16993.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-16993
Aliases
Related
Published
2019-09-30T12:15:10Z
Modified
2024-08-01T08:43:33.982691Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.

References

Affected packages

Git / github.com/phpbb/phpbb

Affected ranges

Type
GIT
Repo
https://github.com/phpbb/phpbb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

release-3.*

release-3.0-B1
release-3.0-B2
release-3.0-B3
release-3.0-B4
release-3.0-B5
release-3.0-RC1
release-3.0-RC2
release-3.0-RC3
release-3.0-RC4
release-3.0-RC5
release-3.0-RC6
release-3.0-RC7
release-3.0-RC8
release-3.0.0
release-3.0.1
release-3.0.1-RC1
release-3.0.10
release-3.0.10-RC1
release-3.0.10-RC2
release-3.0.10-RC3
release-3.0.11-RC1
release-3.0.11-RC2
release-3.0.12-RC1
release-3.0.12-RC2
release-3.0.12-RC3
release-3.0.13-PL1
release-3.0.13-RC1
release-3.0.14
release-3.0.14-RC1
release-3.0.2
release-3.0.2-RC1
release-3.0.2-RC2
release-3.0.3
release-3.0.3-RC1
release-3.0.4
release-3.0.4-RC1
release-3.0.5
release-3.0.5-RC1
release-3.0.6
release-3.0.6-RC1
release-3.0.6-RC2
release-3.0.6-RC3
release-3.0.6-RC4
release-3.0.7
release-3.0.7-PL1
release-3.0.7-RC1
release-3.0.7-RC2
release-3.0.8
release-3.0.8-RC1
release-3.0.9
release-3.0.9-RC1
release-3.0.9-RC2
release-3.0.9-RC3
release-3.0.9-RC4
release-3.1.0
release-3.1.0-RC1
release-3.1.0-RC2
release-3.1.0-RC3
release-3.1.0-RC4
release-3.1.0-RC5
release-3.1.0-RC6
release-3.1.0-a1
release-3.1.0-a2
release-3.1.0-a3
release-3.1.0-b1
release-3.1.0-b2
release-3.1.0-b3
release-3.1.0-b4
release-3.1.1
release-3.1.2
release-3.1.2-RC1
release-3.1.3
release-3.1.3-RC1
release-3.1.3-RC2
release-3.1.4
release-3.1.4-RC1
release-3.1.4-RC2