Unrated severityNVD Advisory· Published Sep 1, 2009· Updated Jun 16, 2026
CVE-2008-7143
CVE-2008-7143
Description
phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.