PT-2018-5195 · Phpbb · Phpbb

Published

2018-01-02

Updated

2022-05-14

CVE-2017-1000419

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions phpBB version 3.2.0

Description The issue allows an attacker to perform port scanning and request internal content, potentially attacking internal services via the web application due to a Server-Side Request Forgery (SSRF) vulnerability in the Remote Avatar function.

Recommendations For phpBB version 3.2.0, consider disabling the Remote Avatar function as a temporary workaround until a patch is available. Restrict access to internal services to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2017-1000419

GHSA-9JM4-RG99-566C

Affected Products

Phpbb

PT-2018-5195 · Phpbb · Phpbb

CVE-2017-1000419

Weakness Enumeration

Related Identifiers

Affected Products

References · 7