CVE-2008-7143

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 01/09/09 - Updated on 09/09/09

Description

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2008-7143

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
phpbbphpbb

Share this vulnerability with:

Twitter Facebook LinkedIn Mail