| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpbb/phpbb | composer | < 3.1.7-PL1 | 3.1.7-PL1 |
The vulnerability stemmed from missing CSRF protection in the BBCode management functionality. The GitHub patch adds a form key check (check_form_key) to the main function in acp_bbcodes.php, indicating that this check was the missing security measure. The original code processed submissions without validating the CSRF token, so the function was vulnerable to CSRF attacks when combined with session ID exposure.
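The pattern the patch addresses, as an added illustration that is not phpBB's own code: a simplified ACP-style submit handler shown without and with a form-key check. The helper names add_form_key() and check_form_key() follow phpBB's includes/functions.php; the form name 'acp_bbcodes', the $bbcodes object and its save() method are assumptions made for this example.

```php
<?php
// Added illustration (not phpBB's code). add_form_key()/check_form_key()
// are phpBB's helpers; the form name 'acp_bbcodes', $bbcodes and save()
// are assumed for this example.

// BEFORE: any POST that reaches this branch is acted on. A forged form on
// another site, submitted by the browser of a logged-in administrator,
// carries the admin's session and is accepted like a legitimate edit.
function handle_bbcode_submit_vulnerable($request, $bbcodes)
{
    if ($request->is_set_post('submit'))
    {
        $bbcodes->save(
            $request->variable('bbcode_match', ''),
            $request->variable('bbcode_tpl', '')
        );
    }
}

// AFTER: the page registers a per-session form token (hidden creation_time
// and form_token fields) and the handler verifies it before changing any
// state. A cross-site form cannot know the token, so it is rejected.
function handle_bbcode_submit_fixed($request, $user, $bbcodes)
{
    $form_key = 'acp_bbcodes';
    add_form_key($form_key);   // registers the hidden token fields with the template

    if ($request->is_set_post('submit'))
    {
        if (!check_form_key($form_key))
        {
            // FORM_INVALID is phpBB's standard language key for a failed token check
            trigger_error($user->lang['FORM_INVALID'], E_USER_WARNING);
        }

        $bbcodes->save(
            $request->variable('bbcode_match', ''),
            $request->variable('bbcode_tpl', '')
        );
    }
}
```

The defensive point is that the check must sit on every state-changing branch of the handler, not only on the one that renders the form; a branch that skips it is exactly what the 3.1.7-PL1 patch closes.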