Description

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

Remediation

References

CVE-2017-1000419

Related Vulnerabilities

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-14630)

XWiki Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-48240)

WordPress Plugin Mailster-Email Newsletter for WordPress Local File Inclusion (4.0.6)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31780)

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2740)

Severity

High

Classification

CVE-2017-1000419 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities