GHSA-4hx9-p925-qcv7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4hx9-p925-qcv7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4hx9-p925-qcv7/GHSA-4hx9-p925-qcv7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4hx9-p925-qcv7
- Aliases
- Published
- 2022-05-24T16:45:11Z
- Modified
- 2024-04-24T18:11:36.540642Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
- Summary
- phpBB Server side request forgery (SSRF)
- Details
-
Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.
- Database specific
{ "nvd_published_at": "2019-05-05T06:29:00Z", "cwe_ids": [ "CWE-918" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-24T17:45:12Z" }- References
Affected packages
Packagist / phpbb/phpbb
Package
- Name
- phpbb/phpbb
- Purl
- pkg:composer/phpbb/phpbb
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.6
Affected versions
3.*
3.0.12-RC1
3.0.12-RC2
3.0.12-RC3
3.0.12
3.0.13-PL1
3.0.13-RC1
3.0.13
3.0.14-RC1
3.0.14
3.1.0-a1
3.1.0-a2
3.1.0-a3
3.1.0-b1
3.1.0-b2
3.1.0-b3
3.1.0-b4
3.1.0-RC1
3.1.0-RC2
3.1.0-RC3
3.1.0-RC4
3.1.0-RC5
3.1.0-RC6
3.1.0
3.1.1
3.1.2-RC1
3.1.2
3.1.3-RC1
3.1.3-RC2
3.1.3
3.1.4-RC1
3.1.4-RC2
3.1.4
3.1.5-RC1
3.1.5
3.1.6-RC1
3.1.6
3.1.7-RC1
3.1.7
3.1.7-pl1
3.1.8-RC1
3.1.8
3.1.9-RC1
3.1.9
3.1.10-RC1
3.1.10
3.1.11-RC1
3.1.11
3.1.12
3.2.0-a1
3.2.0-b2
3.2.0-RC1
3.2.0-RC2
3.2.0
3.2.1-RC1
3.2.1
3.2.2-RC1
3.2.2
3.2.3-RC1
3.2.3-RC2
3.2.3
3.2.4-RC1
3.2.4
3.2.5-RC1
3.2.5
3.2.6-RC1