CVE-2008-0471

Published: 29 January 2008

Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

Priority

Low

Status

Package Release Status
phpbb2
Launchpad, Ubuntu, Debian
Upstream Needed

Patches:
Vendor: http://www.debian.org/security/2008/dsa-1488