Description
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Gallery MaxGalleria Unspecified Vulnerability (6.0.8)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1150)
WordPress Plugin Leaflet 'id' Parameter Cross-Site Scripting (0.0.1)
WordPress Plugin Simple visitor stat Cross-Site Scripting (1.0)
WordPress Plugin Wufoo Shortcode Cross-Site Scripting (1.47)