← All advisories

Moderate severityNVD Advisory· Published Jan 14, 2020· Updated Aug 4, 2024

CVE-2020-5502

CVE-2020-5502

Description

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
phpbb/phpbbPackagist	< 3.2.9	3.2.9

Affected products

3

phpBB/phpBBdescription
osv-coords2 versions
pkg:bitnami/phpbb pkg:composer/phpbb/phpbb
>= 3.2.8, <= 3.2.8+ 1 more
- (no CPE)range: >= 3.2.8, <= 3.2.8
- (no CPE)range: < 3.2.9

Patches

Vulnerability mechanics

References

4

github.com/advisories/GHSA-69q7-hww4-8pjqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-5502ghsaADVISORY
blog.phpbb.com/category/security/mitrex_refsource_MISC
www.phpbb.com/community/viewtopic.phpghsax_refsource_CONFIRMWEB

News mentions

0

No linked articles in our index yet.