Server-Side Request Forgery (SSRF)

phpbb/phpbb is vulnerable to server-side request forgery SSRF. A remote attacker is able to send requests on behalf of the server via the remote avatar upload function. This allows for the discovery of and access to services running on the host, resulting in bypass of firewall rules or potentiall...

phpBB < 3.2.6 Multiple Vulnerabilities

phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; ifdescription...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

UBUNTU-CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

Server side request forgery (ssrf)

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVE-2019-11767

Summary of CVE-2019-11767: A server-side request forgery (SSRF) vulnerability in phpBB prior to 3.2.6. The issue, triggered via the remote avatar upload function, enables an attacker to check for the existence of files and services on the host’s local network. Affected software: phpBB versions be...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

phpBB cross-site request forgery vulnerability (CNVD-2019-13384)

phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB versions prior to 3.2.6. The vulnerability stems from a web application...

phpBB 3.2.5 Denial Of Service Vulnerability

Vulnerability information ========================= Title: phpBB Native Fulltext Search denial of service CVE ID: CVE-2019-9826 CVSSv3 score: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Vulnerability description ========================= Improper input validation in the Native Fulltext Search compone...

Denial of service

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The CVE-2019-9826 entry affects the phpBB project: the fulltext search component in phpBB versions prior to 3.2.6 is susceptible to a Denial of Service. The vulnerability is triggered by the fulltext search feature, leading to high resource consumption on certain boards. The connected sources con...

Denial Of Service (DoS)

phpbb/phpbb is vulnerable to denial of service. A remote attacker is able to crash the application by submitting malicious wildcard input to the keywords URL parameter in search.php. This is due to a lack of proper input validation...

phpBB 3.2.3 - Remote Code Execution Exploit

Exploit for php platform in category web applications phpBB 3.2.3 - Remote Code Execution Exploit // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath =...

phpBB 3.2.3 Remote Code Execution

// All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' = aaae9cba5fdadb1f0c384934cd20d11czip // you...