Description

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

Remediation

References

CVE-2019-11767

Related Vulnerabilities

WordPress Plugin BulletProof Security Cross-Site Scripting (.53.3)

Resin Application Server Other Vulnerability (CVE-2004-0281)

Oracle Application Server Other Vulnerability (CVE-2007-0222)

MySQL CVE-2020-14651 Vulnerability (CVE-2020-14651)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)

Severity

Medium

Classification

CVE-2019-11767 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities