Evaders99 writes:Another security bug, this time with phpBB. You could possibly delete your entire Private Message inbox, but only if you are logged in and get sent some nasty code.
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability
See the link for the fix
Also if you didn't see the more urgent SQL injection in the Search module...
PHP-Nuke modules/Search/index.php SQL fix is here
|