Vulnerability Details CVE-2017-1000419
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136
- https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html
- https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136
- https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html