Another security bug, this time with phpBB. You could possibly delete your entire Private Message inbox, but only if you are logged in and get sent some nasty code.
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability
See the link for the fix
Also if you didn't see the more urgent SQL injection in the Search module...
PHP-Nuke modules/Search/index.php SQL fix is here
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3212
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3212