-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpbb/phpbb | composer | = 3.2.7 | 3.2.8 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing form token validation in attachment deletion workflows. phpBB 3.2.8's release notes explicitly mention adding CSRF protection to previously unprotected forms. The helper functions handling attachment management in 3.2.7 would lack the check_form_key() validation that was later added in 3.2.8. The controller helper and attachment deletion classes are core components responsible for processing attachment operations, making them the most likely candidates for the missing validation.