Description

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

Remediation

References

CVE-2017-1000419

Related Vulnerabilities

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490)

WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (1.0.0)

WordPress Plugin WP-Members Membership Cross-Site Request Forgery (3.2.7)

WordPress Plugin WP-SpamFree Anti-Spam 'id' Parameter SQL Injection (3.2.1)

PleskLin Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-43784)

Severity

High

Classification

CVE-2017-1000419 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities