PT-2002-3058 · Phpbb · Phpbb
Published: 2002-12-31 · Updated: 2008-09-05
CVE-2002-2346
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
phpBB versions 2.0 through 2.0.3
Description
Uploaded avatar files are named with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.
Recommendations
For phpBB versions 2.0 through 2.0.3, consider modifying the avatar upload functionality to avoid using client IP addresses in file names until a proper fix is available. As a temporary workaround, restrict access to the avatar upload feature to minimize the risk of IP address exposure.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Phpbb