CVE-2019-11767
Published May 5, 2019
Last updated 6 years ago
Overview
- Description
- Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-918
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B22B4BA-3C74-4CCC-919C-24C98334FE0B",
"versionEndExcluding": "3.2.6"
}
],
"operator": "OR"
}
]
}
]