Back to search
CVE-2005-0259
Published: Feb 22, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
14362
third-party-advisory
x_refsource_SECUNIA
20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability
third-party-advisory
x_refsource_IDEFENSE
GLSA-200503-02
vendor-advisory
x_refsource_GENTOO
http://www.phpbb.com/support/documents.php?mode=changelog
x_refsource_CONFIRM
VU#774686
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now