CVE-2017-1000419: SSRF
First published: Tue Jan 02 2018(Updated: )
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phpbb Phpbb | =3.2.0 | |
| composer/phpbb/phpbb | =3.2.0 | 3.2.1 |
| =3.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this phpBB vulnerability?
The vulnerability ID for this phpBB vulnerability is CVE-2017-1000419.
What is the severity of CVE-2017-1000419?
The severity of CVE-2017-1000419 is high.
How does the phpBB vulnerability CVE-2017-1000419 work?
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content, and potentially attack internal services via the web application.
Which version of phpBB is affected by CVE-2017-1000419?
phpBB version 3.2.0 is affected by CVE-2017-1000419.
How do I fix the phpBB vulnerability CVE-2017-1000419?
To fix the phpBB vulnerability CVE-2017-1000419, upgrade to a patched version of phpBB.
- collector/nvd-index
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-9jm4-rg99-566c
- alias/CVE-2017-1000419
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- vendor/phpbb
- canonical/phpbb phpbb
- version/phpbb phpbb/3.2.0
- package-manager/composer