CVE-2015-3880

moderate-risk

Published 2017-09-19

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Do I need to act?

0.71% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Phpbb

Affected Vendors

Phpbb

References (12)

Mailing List http://www.openwall.com/lists/oss-security/2015/05/12/10

Third Party Advisory http://www.securityfocus.com/bid/74592

Patch https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04

Third Party Advisory https://wiki.phpbb.com/Release_Highlights/3.0.14

Third Party Advisory https://wiki.phpbb.com/Release_Highlights/3.1.4

Vendor Advisory https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941

Mailing List http://www.openwall.com/lists/oss-security/2015/05/12/10

Third Party Advisory http://www.securityfocus.com/bid/74592

Patch https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04

Third Party Advisory https://wiki.phpbb.com/Release_Highlights/3.0.14

Third Party Advisory https://wiki.phpbb.com/Release_Highlights/3.1.4

Vendor Advisory https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 2/34 · Minimal

Exposure 21/34 · High