6.1

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2015-3880

GHSA ID

GHSA-hwq7-cvp8-6hm3

EPSS Score

0.71394%

CWE

CWE-601

Published

5/17/2022

Updated

8/3/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2015-3880

CVE-2015-3880: phpBB Open Redirect

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2015-3880

CVE-2015-3880:

6.1

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2015-3880

GHSA ID

GHSA-hwq7-cvp8-6hm3

EPSS Score

0.71394%

CWE

CWE-601

Published

5/17/2022

Updated

8/3/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
phpbb/phpbb	composer	< 3.0.14	3.0.14
phpbb/phpbb	composer	>= 3.1.0, < 3.1.4	3.1.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows critical modifications to the redirect() function in phpBB/includes/functions.php. The original code allowed redirects to proceed if the host didn't match by naively resetting the URL to generate_board_url(), which could be bypassed via URL obfuscation techniques (e.g., embedded credentials, subdomain tricks). The added checks (strpos() validation and error triggers) directly address the open redirect flaw. The test cases in redirect_test.php confirm scenarios where external/abnormal URLs were previously allowed but now blocked. This aligns with the CVE's description of insufficient validation for Chrome-specific attack vectors.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2015-3880: phpBB Open Redirect

CVE-2015-3880:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

6.1

6.1

CVE-2015-3880: phpBB Open Redirect

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI