Описание
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
Ссылки
- PatchVendor Advisory
- Exploit
- PatchVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpbb_group:phpbb:2.0.20:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04788
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 19 лет назад
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, a ...
github
больше 3 лет назад
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
EPSS
Процентиль: 88%
0.04788
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other