Description
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
Remediation
References
Related Vulnerabilities
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.6.4)
WordPress Plugin WP Google Maps Cross-Site Scripting (7.11.34)
PHP Double Free Vulnerability (CVE-2019-11049)
WordPress Plugin Stripe Payment for WooCommerce Cross-Site Scripting (3.5.9)
WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)