Lucene search
HistoryMar 14, 2005 - 5:00 a.m.
CVE-2005-0259
phpbb
local file read
remote avatar
security vulnerability
cve-2005-0259
6.3 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.0%
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the “Upload Avatar from a URL:” field to reference the target file.
Related
securityvulns
securityvulns
cert
cert
phpBB vulnerable to file disclosure
2005-02-25 00:00:00
ubuntucve
ubuntucve
CVE-2005-0259
2005-03-14 00:00:00
openvas
openvas
FreeBSD Ports: phpbb
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200503-02 (phpbb)
2008-09-24 00:00:00
nessus
nessus
GLSA-200503-02 : phpBB: Multiple vulnerabilities
2005-03-02 00:00:00
FreeBSD : phpbb -- multiple vulnerabilities (326c517a-d029-11d9-9aed-000e0c2e438a)
2005-07-13 00:00:00
phpBB <= 2.0.11 Multiple Vulnerabilities
2005-02-23 00:00:00
freebsd
freebsd
phpbb -- multiple vulnerabilities
2005-02-22 00:00:00
gentoo
gentoo
phpBB: Multiple vulnerabilities
2005-03-01 00:00:00
6.3 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.0%
Related for CVE-2005-0259