CVE-2017-1000419

Source
https://cve.org/CVERecord?id=CVE-2017-1000419
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000419.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000419
Aliases
Published
2018-01-02T19:29:00.207Z
Modified
2026-07-08T12:05:08.503403Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

References

Affected packages

Git / github.com/phpbb/phpbb

Affected ranges

Type
GIT
Repo
https://github.com/phpbb/phpbb
Events
Database specific
{
    "cpe": "cpe:2.3:a:phpbb:phpbb:3.2.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.2.0"
        },
        {
            "last_affected": "3.2.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

3.*
3.2.0
release-3.*
release-3.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000419.json"