Ravens PHP Scripts

Nuke Security 2008
Date: Tuesday, January 29, 2008 @ 09:18:10 PST
Topic: Security


Another security bug, this time with phpBB. You could possibly delete your entire Private Message inbox, but only if you are logged in and get sent some nasty code.

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability

See the link for the fix

Also if you didn't see the more urgent SQL injection in the Search module...
PHP-Nuke modules/Search/index.php SQL fix is here









This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3212