CVE-2019-11767

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11767

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11767.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11767

Aliases

GHSA-4hx9-p925-qcv7

Downstream

UBUNTU-CVE-2019-11767

Published

2019-05-05T06:29:00.647Z

Modified

2026-04-10T04:14:21.286780Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

References

https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941

Affected packages

Git / github.com/phpbb/phpbb

Affected ranges

Type

GIT

Repo

https://github.com/phpbb/phpbb

Events

Introduced

Fixed

2575b499a38ccf2480d5da9d5c566f47a9e2d824

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.6"
        }
    ]
}

Affected versions

release-3.*

release-3.2.6-RC1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11767.json"