CVE-2017-1000419: Server-Side Request Forgery in phpBB

Severity
7.5 HIGH (NVD)
EPSS
0.4%
top 40.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 2
Latest update: May 14

Description

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content, and potentially attack such internal services via the web application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Packagist | phpbb/phpbb | 3.2.0 | 3.2.1
NVD | phpbb/phpbb | 3.2.0

Vulnerability Details (2)

OSV: phpBB Server-Side Request Forgery (SSRF), 2022-05-14
GHSA: phpBB Server-Side Request Forgery (SSRF), 2022-05-14