Arbitrary File Read Vulnerability in phpBB 2.0.11 and Other Versions with Remote Avatars

Arbitrary File Read Vulnerability in phpBB 2.0.11 and Other Versions with Remote Avatars

CVE-2005-0259 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

Learn more about our User Device Pen Test.