-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpbb/phpbb | composer | < 3.0.4 | 3.0.4 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing forum password verification when quoting posts from password-protected forums in private messages. The commit fce23bc adds this check by querying forum_password and invoking login_forum_box, indicating the original function compose_pm in ucp_pm_compose.php lacked these security checks prior to 3.0.4. This omission allowed attackers to bypass forum password protections through PM quoting.
A Semantic Attack on Google Gemini - Read the Latest Research