phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.
References
| Link | Resource |
|---|---|
| https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136 | Vendor Advisory |
| https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html | Exploit Third Party Advisory |
| https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136 | Vendor Advisory |
| https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:04
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136 - Vendor Advisory | |
| References | () https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html - Exploit, Third Party Advisory |
Information
Published : 2018-01-02 19:29
Updated : 2024-11-21 03:04
NVD link : CVE-2017-1000419
Mitre link : CVE-2017-1000419
CVE.ORG link : CVE-2017-1000419
JSON object : View
Products Affected
phpbb
- phpbb
CWE
CWE-918
Server-Side Request Forgery (SSRF)