HTTP: phpBB Avatar Upload
This signature detects attempts to exploit a known vulnerability in the upload avatar included with PHP Bulletin Board (PHPBB). Attackers can use the avatar to obtain sensitive information.
Extended Description
phpBB is affected by an arbitrary file disclosure vulnerability. This issue arises due to an input validation error allowing an attacker to disclose files in the context of a Web server running the application. This may allow the attacker to gain access to sensitive data that may be used to carry out further attacks against a vulnerable computer. A successful attack requires the attacker to have a user account and the presence of some non-default settings allowing for the uploading of remote avatars. phpBB 2.0.11 and prior versions are affected by this issue.
Affected Products
Phpbb_group phpbb
Short Name
HTTP:PHP:PHPBB:AVATAR-UPLOAD
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Avatar CVE-2005-0259 Upload bid:12621 phpBB
Release Date
05/10/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Phpbb_group
Gentoo
CVSS Score
6.4