Description
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.
Remediation
References
Related Vulnerabilities
Drupal Improper Input Validation Vulnerability (CVE-2012-1589)
WordPress Plugin Skype Legacy Buttons Multiple Vulnerabilities (3.0.4)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.5.3)
Zenphoto Other Vulnerability (CVE-2007-0616)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1914)