CVE-2017-1000419

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000419

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000419.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000419

Aliases

GHSA-9jm4-rg99-566c

Published

2018-01-02T19:29:00.207Z

Modified

2026-04-10T03:54:39.669353Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

References

Affected packages

Git / github.com/phpbb/phpbb

Affected ranges

Type

GIT

Repo

https://github.com/phpbb/phpbb

Events

Introduced

Last affected

830a384988587c817d9426fade09d6dd227def5d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        }
    ]
}

Affected versions

release-3.*

release-3.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000419.json"