Launchpad.net

CVE 2008-0471

Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

Related bugs and status

CVE-2008-0471 (Candidate) is related to these bugs:

Bug #191201: [phpbb2] several remote vulnerabilities

		In	Importance	Status
191201	[phpbb2] several remote vulnerabilities	phpbb2 (Ubuntu)	Undecided	Fix Released
191201	[phpbb2] several remote vulnerabilities	phpbb2 (Ubuntu Dapper)	Undecided	Won't Fix
191201	[phpbb2] several remote vulnerabilities	phpbb2 (Ubuntu Edgy)	Undecided	Won't Fix
191201	[phpbb2] several remote vulnerabilities	phpbb2 (Ubuntu Gutsy)	Undecided	Won't Fix
191201	[phpbb2] several remote vulnerabilities	phpbb2 (Ubuntu Feisty)	Undecided	Won't Fix
191201	[phpbb2] several remote vulnerabilities	phpbb2 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 28630
CONFIRM: http://bugs.debian.org...
DEBIAN: DSA-1488
SECUNIA: 28871
SREASON: 3585
BUGTRAQ: 20080123 phpBB 2.0.22 ...