Description phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. Remediation References CVE-2020-5501 Related Vulnerabilities EspoCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7985) TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11069) WordPress Plugin WP eCommerce SQL Injection (3.11.3) Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.9.24) MySQL CVE-2014-2450 Vulnerability (CVE-2014-2450) Severity Medium Classification CVE-2020-5501 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities