6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.1%
The phpBB input validation methods may fail to sanitize user input resulting in a disclosure of arbitrary file data.
phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as “avatars.” These files may be located on a remote server or on a filesystem. However, a local file upload path using the default, temporary remote server name can cause the remote phpBB server to interpret a file local to the server as the avatar file. This file will then be made available to theuser for download or viewing.
If the remote avatar and remote avatar uploading functions are enabled (which are disabled by default), a remote, authenticated attacker who is allowed to specify remote avatars may be able to access arbitrary files on the phpBB server with the permissions of the web server.
Apply an update
phpBB versions 2.0.12 and later do not contain this flaw. The phpBB web page contains additional information and downloads.
As a workaround, administrators may disable remote avatars and remote avatar uploading. These features are disabled by default.
774686
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 24, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The phpBB web page contains additional information and downloads.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23774686 Feedback>).
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A |
Thanks to AnthraX101 for reporting this vulnerability.
This document was written by Ken MacInnis.
CVE IDs: | CVE-2005-0259 |
---|---|
Severity Metric: | 3.75 Date Public: |