CVE-2004-1950 — Use of Less Trusted Source in Group Phpbb

CWE-348 — Use of Less Trusted Source3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedApr 19

Latest updateApr 29

Description

phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDphpbb_group/phpbb13 versions+12

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-553c-w3pr-f6rh: phpBB 2↗2022-04-29

▶

📐Framework References

CWE

Use of Less Trusted Source↗

▶