8
CVE-2026-48612
- EPSS 0.12%
- Veröffentlicht 12.06.2026 02:27:43
- Zuletzt bearbeitet 12.06.2026 16:15:57
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerphpBB
≫
Produkt
phpBB
Default Statusunaffected
Version <=
3.3.16
Version
3.3.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.022 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| support@hackerone.com | 8 | 1.3 | 6 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.phpbb.com/community/viewtopic.php?t=2672170