Vulnerability in Phpbb

CVE-2010-1627

feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.

EPSS: 0.001 (33.1th percentile) — read the EPSS interpretation.

Affected products

Phpbb — versions 3.0.7
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

[oss-security] 20100518 Re: CVE request: phpbb 3.0.7 and before 3.0.5 (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
[oss-security] 20100517 CVE request: phpbb 3.0.7 and before 3.0.5 (mailing-list, x_refsource_MLIST)