Description

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

Remediation

References

CVE-2019-11767

Related Vulnerabilities

WordPress Plugin Users Ultra SQL Injection (1.5.15)

WordPress Plugin WP Product Review Lite Unspecified Vulnerability (3.7.6)

WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)

WordPress Plugin Theme Test Drive Multiple Vulnerabilities (2.9)

WordPress Plugin WP Inimat Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2019-11767 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities