Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 14/03/2005 Updated: 10/09/2008

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpbb group phpbb 2.0.1
phpbb group phpbb 2.0.10
phpbb group phpbb 2.0.11
phpbb group phpbb 2.0.2
phpbb group phpbb 2.0.3
phpbb group phpbb 2.0_rc3
phpbb group phpbb 2.0_rc4
phpbb group phpbb 2.0.0
phpbb group phpbb 2.0.5
phpbb group phpbb 2.0.6c
phpbb group phpbb 2.0.8a
phpbb group phpbb 2.0_beta1
phpbb group phpbb 2.0_rc2
phpbb group phpbb 2.0.6d
phpbb group phpbb 2.0.7
phpbb group phpbb 2.0.7a
phpbb group phpbb 2.0.8
phpbb group phpbb 2.0.4
phpbb group phpbb 2.0.6
phpbb group phpbb 2.0.9
phpbb group phpbb 2.0_rc1

NVD-CWE-Other http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities http://www.phpbb.com/support/documents.php?mode=changelog http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.kb.cert.org/vuls/id/774686 http://secunia.com/advisories/14362/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/774686

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-0259

Vulnerability Summary

References

Vulmon Search

About

Products

Connect