Unrated severityNVD Advisory· Published Feb 10, 2015· Updated Jun 17, 2026
CVE-2015-1432
CVE-2015-1432
Description
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
8- seclists.org/oss-sec/2015/q1/373nvd
- www.securityfocus.com/bid/72399nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/100671nvd
- github.com/phpbb/phpbb/commit/23069a13e203985ab124d1139e8de74b12778449nvd
- github.com/phpbb/phpbb/pull/3311nvd
- security.gentoo.org/glsa/201701-25nvd
- tracker.phpbb.com/browse/PHPBB3-13526nvd
- wiki.phpbb.com/Release_Highlights/3.0.13nvd
News mentions
0No linked articles in our index yet.