Description

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

Remediation

References

CVE-2017-1000419

Related Vulnerabilities

MySQL CVE-2020-2898 Vulnerability (CVE-2020-2898)

PHP Other Vulnerability (CVE-2004-0595)

WordPress Plugin Duplicator-WordPress Migration Unspecified Vulnerability (1.1.34)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5455)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1347)

Severity

High

Classification

CVE-2017-1000419 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities