CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-7143

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/51121
http://www.securityfocus.com/archive/1/489815/100/0/threaded
http://osvdb.org/51121
http://www.securityfocus.com/archive/1/489815/100/0/threaded

Products affected by CVE-2008-7143

Phpbb » Phpbb » Version: 2.0.23

cpe:2.3:a:phpbb:phpbb:2.0.23

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-7143

Products

Pricing

Contact Us