cve/CVE-2019-13376.md at 594c8e952101730b1f9f9e6ac2afce8de85a4446

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

723 B

Raw Blame History

CVE-2019-13376

Description

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

POC

Reference

https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss

Github

https://github.com/SexyBeast233/SecBooks

723 B Raw Blame History

CVE-2019-13376

Description

POC

Reference

Github

723 B

Raw Blame History