Vulnerability Name:

CVE-2006-6508 (CCN-30786)

Assigned:2006-12-07
Published:2006-12-07
Updated:2017-07-29
Summary:Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors.
Note: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS v3 Severity:2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Dec 07 2006 - 12:10:36 CST
phpbb 2.0.x [xss]

Source: MITRE
Type: CNA
CVE-2006-6508

Source: CCN
Type: SA23283
phpBB privmsg.php Cross-Site Request Forgery and Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
23283

Source: SECUNIA
Type: UNKNOWN
28871

Source: DEBIAN
Type: UNKNOWN
DSA-1488

Source: DEBIAN
Type: DSA-1488
phpbb2 -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 35451
phpBB Unauthorized Message Unspecified CSRF

Source: CCN
Type: phpBB Web site
phpBB Add Name

Source: XF
Type: UNKNOWN
phpbb-message-csrf(30786)

Source: XF
Type: UNKNOWN
phpbb-message-csrf(30786)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpbb_group:phpbb:2.0.21:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:8028
    P
    		DSA-1488 phpbb2 -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20353
    P
    		DSA-1488-1 phpbb2 - several vulnerabilities
    2014-06-23
    oval:org.debian:def:1488
    V
    		several vulnerabilities
    2008-02-09
    BACK
    phpbb_group phpbb 2.0.21