Description

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

Remediation

References

CVE-2019-11767

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-7919)

WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)

OpenSSL Other Vulnerability (CVE-2003-0543)

WordPress Plugin AddToAny Share Buttons Cross-Site Scripting (1.6.6)

MySQL Other Vulnerability (CVE-2004-0956)

Severity

Medium

Classification

CVE-2019-11767 CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities