Ravens PHP Scripts

Nuke Security 2008
Date: Tuesday, January 29, 2008 @ 10:18:10 CET
Topic: Security

Another security bug, this time with phpBB. You could possibly delete your entire Private Message inbox, but only if you are logged in and get sent some nasty code.

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability

See the link for the fix

Also if you didn't see the more urgent SQL injection in the Search module...
PHP-Nuke modules/Search/index.php SQL fix is here

This article comes from Ravens PHP Scripts

The URL for this story is: