Description

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

Remediation

References

CVE-2019-11767

Related Vulnerabilities

Moodle Improper Input Validation Vulnerability (CVE-2018-1137)

Internet Information Services Other Vulnerability (CVE-2002-0869)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0786)

WordPress Plugin Gravity Forms-Clockwork SMS Cross-Site Scripting (2.2)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)

Severity

Medium

Classification

CVE-2019-11767 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities