Infosecurity Magazine

Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request

An attacker who gets a logged-in victim to load a crafted URL can silently bind their own OAuth credential to the victim's ...
Bleeping Computer

phpBB forum fixes auth bypass bug lurking for a decade

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. The flaw does not have an identifier and is ...

Phpbb Rushes Patch For Silent Account Hijack Arabian Post

Phpbb Rushes Patch For Silent Account Hijack Arabian Post. clearfix>phpBB administrators have been urged to upgrade immediately after researchers disclosed two authentication weaknesses that could ...