PT-2005-1337 · Phpbb · Phpbb

Published: 2005-02-22 · Updated: 2008-09-10 · CVE-2005-0259

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

phpBB versions 2.0.11 and possibly other versions

Description

The issue allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. This is possible when remote avatars and avatar uploading are enabled.

Recommendations

For phpBB version 2.0.11, consider disabling the remote avatar and avatar uploading features until a fix is available. As a temporary workaround, restrict access to the avatar upload functionality to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2005-0259

Affected Products

Phpbb