Description
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
Remediation
References
Related Vulnerabilities
WordPress Plugin Redirection Cross-Site Request Forgery (1.1.3)
phpMyAdmin CVE-2013-3238 Vulnerability (CVE-2013-3238)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4448)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-32971)