CVE-2020-550115.01.2020, 00:15phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.CSRFEnginsightSeverityMEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NAtk. VectorNETWORKAtk. ComplexityLOWPriv. RequiredNONEBase ScoreCVSS 3.xEPSS ScorePercentile: UnknownVendorProductVersionphpbbphpbb3.2.8𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Referenceshttps://blog.phpbb.com/category/security/https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536