Description
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.
Affected products
- phpBB / phpBB2.0.22 – 2.0.22
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/28871
- MISChttp://securityreason.com/securityalert/3585
- VENDOR_ADVISORYhttp://www.debian.org/security/2008/dsa-1488
- VENDOR_ADVISORYhttp://secunia.com/advisories/28630
- VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589
- MISChttp://www.securityfocus.com/archive/1/487004/100/0/threaded