First published: Sat Jul 25 2020
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 that allowed the remote image dimensions check to be used for server-side request forgery (SSRF).
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/phpbb/phpbb | >=3.2.0 <3.2.10, >=3.3.0 <3.3.1 | |
Phpbb Phpbb | <3.2.10 | |
Phpbb Phpbb | >=3.3.0 <3.3.1 | |
The severity of CVE-2020-8226 is medium with a CVSS score of 5.8.
CVE-2020-8226 affects phpBB versions <v3.2.10 and <v3.3.1.
CVE-2020-8226 can be exploited by using the remote image dimensions check to perform server-side request forgery (SSRF).
To fix CVE-2020-8226, it is recommended to upgrade to phpBB version 3.2.10 or 3.3.1 or apply the necessary patches.
More information about CVE-2020-8226 can be found at the following references: [Link 1](https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636), [Link 2](https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631).