Open redirect in phpBB - CVE-2015-3880

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU38234

Open redirect in phpBB - CVE-2015-3880

Published: September 19, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38234
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-3880
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: phpBB Group
Affected software:
phpBB

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.


How to mitigate CVE-2015-3880

Install update from vendor's website.

Sources