CVE-2006-4450

2006-08-3001:00:00

mitre

www.cve.org

AI Score

6.6

Confidence

Low

EPSS

0.061

Percentile

93.6%

JSON

usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.

References

archives.neohapsis.com/archives/bugtraq/2006-05/0238.html

secunia.com/advisories/20093

securityreason.com/securityalert/1470

www.securityfocus.com/bid/17965

exchange.xforce.ibmcloud.com/vulnerabilities/26537