Описание
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
Ссылки
- PatchVendor Advisory
- Exploit
- PatchVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04788
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 19 лет назад
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, a ...
github
почти 4 года назад
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
EPSS
Процентиль: 89%
0.04788
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other