GHSA-9jm4-rg99-566c

Suggest an improvement
Source
https://github.com/advisories/GHSA-9jm4-rg99-566c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9jm4-rg99-566c/GHSA-9jm4-rg99-566c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9jm4-rg99-566c
Aliases
Published
2022-05-14T03:50:04Z
Modified
2024-04-24T18:11:36.320718Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
phpBB Server-Side Request Forgery (SSRF)
Details

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

References

Affected packages

Packagist / phpbb/phpbb

Package

Name
phpbb/phpbb
Purl
pkg:composer/phpbb/phpbb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.2.0
Fixed
3.2.1

Affected versions

3.*

3.2.0
3.2.1-RC1