Description
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
Remediation
References
Related Vulnerabilities
Ruby on Rails Improper Access Control Vulnerability (CVE-2015-7577)
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1581)
WordPress 3.8.4 Multiple Vulnerabilities (3.8 - 3.8.4)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0005)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31778)