Unrated severityNVD Advisory· Published Feb 10, 2015· Updated May 6, 2026

CVE-2015-1432

Description

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/oss-sec/2015/q1/373nvd
www.securityfocus.com/bid/72399nvd
exchange.xforce.ibmcloud.com/vulnerabilities/100671nvd
github.com/phpbb/phpbb/commit/23069a13e203985ab124d1139e8de74b12778449nvd
github.com/phpbb/phpbb/pull/3311nvd
security.gentoo.org/glsa/201701-25nvd
tracker.phpbb.com/browse/PHPBB3-13526nvd
wiki.phpbb.com/Release_Highlights/3.0.13nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000