phpBB patched a major vulnerability that can allow threat actors to hijack any users' session.
The bug impacts all phpBB versions released over the past decade.
Forums are vulnerable in their default setup if OAuth authentication is enabled.
www.aikido.dev/blog/phpbb-a...
Aikido Security discovered a critical unauthenticated authentication bypass in phpBB affecting tens of millions of users. A single HTTP request is all it takes to take over any account — a vulnerabili...
