Description

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

Remediation

References

CVE-2017-1000419

Related Vulnerabilities

WordPress Plugin WooCommerce Cross-Site Scripting (3.5.0)

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Insecure Direct Object Reference (3.0.4)

WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.5)

OpenSSL Inadequate Encryption Strength Vulnerability (CVE-2014-0224)

WordPress Plugin Google Maps CP Cross-Site Scripting (1.0.3)

Severity

High

Classification

CVE-2017-1000419 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities