phpBB 2.0 up to and including 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote malicious users to obtain client IP addresses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpbb phpbb 2.0 |
||
phpbb phpbb 2.0.2 |
||
phpbb phpbb 2.0.1 |
||
phpbb phpbb 2.0.3 |