CVE-2019-11767 — Server-Side Request Forgery in Phpbb

CWE-918 — Server-Side Request Forgery5 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 55.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb

Timeline

PublishedMay 5

Latest updateMay 24

Description

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDphpbb/phpbb< 3.2.6

▶Packagistphpbb/phpbb< 3.2.6

🔴Vulnerability Details

OSV

phpBB Server side request forgery (SSRF)↗2022-05-24

▶

GHSA

phpBB Server side request forgery (SSRF)↗2022-05-24

▶

OSV

CVE-2019-11767: Server side request forgery (SSRF) in phpBB before 3↗2019-05-05

▶

💬Community

Bugzilla

CVE-2018-11767 hadoop: Apache Hadoop KMS ACL regression↗2019-04-04

▶