Description
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
Remediation
References