CVE-2019-16993: Cross-Site Request Forgery (CSRF)
In phpBB, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.