usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote malicious users to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpbb group phpbb 2.0.20 |