CVE-2002-2346

2022-10-0316:23:49

mitre

www.cve.org

phpbb

avatar

naming

vulnerability

ip address

remote attackers

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.3%

JSON

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.

References

online.securityfocus.com/archive/1/294560

www.iss.net/security_center/static/10323.php

www.securityfocus.com/bid/5923