First published: Sun May 05 2019
Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phpbb Phpbb | <3.2.6 | |
composer/phpbb/phpbb | <3.2.6 | 3.2.6 |
CVE-2019-11767 is a Server Side Request Forgery (SSRF) vulnerability in phpBB before version 3.2.6.
CVE-2019-11767 allows an attacker to check for the existence of files and services on the local network of the host through the remote avatar upload function.
No, phpBB version 3.2.6 is not affected by CVE-2019-11767.
CVE-2019-11767 has a severity score of 5.8, which is considered medium.
To fix CVE-2019-11767, you should upgrade phpBB to version 3.2.6 or newer.
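This page does not show phpBB's own fix. As a generic illustration of the control that stops this class of SSRF in a remote avatar fetch, the added example below (not phpBB code) vets a user-supplied URL before the server requests it. The function names, the allowed schemes and ports, and the constructed DNS table are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumption: web schemes on their usual ports only
# Constructed DNS answers for offline use; these are not real lookups.
CONSTRUCTED_DNS = {
    "cdn.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.0.0.5"],
    "mixed.example.org": ["93.184.216.34", "127.0.0.1"],
}

def system_resolver(host, port):
    """OS resolver: list of IP strings, empty if the name does not resolve."""
    try:
        return [i[4][0] for i in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)]
    except OSError:
        return []

def constructed_resolver(host, port):
    """Stand-in resolver that answers from CONSTRUCTED_DNS."""
    return CONSTRUCTED_DNS.get(host, [])

def is_public(addr):
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False  # unparsable address: treat as not public

def vet_avatar_url(url, resolver=system_resolver):
    """Return (True, [addresses]) if the URL may be fetched, else (False, reason)."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    host = parts.hostname
    if parts.scheme not in DEFAULT_PORTS or not host:
        return False, "only http(s) URLs with a host are accepted"
    if port not in (None, DEFAULT_PORTS[parts.scheme]):
        return False, "non-standard port"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP: nothing to resolve
    except ValueError:
        addresses = resolver(host, DEFAULT_PORTS[parts.scheme])
    # Every answer must be public: one internal address among several is enough to reject.
    blocked = [a for a in addresses if not is_public(a)]
    if not addresses or blocked:
        return False, (f"{blocked[0]} is not a public address" if blocked else "host does not resolve")
    return True, addresses
```

The fetch that follows has to connect to the vetted addresses rather than resolve the name a second time, and any redirect target needs the same check before it is followed.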