<p>Upgrade <code>phpbb/phpbb</code> to version 3.2.6 or higher.</p>

Server-side Request Forgery (SSRF) Affecting phpbb/phpbb package, versions <3.2.6

Snyk CVSS

Attack Complexity Low

Scope Changed

Threat Intelligence

EPSS 0.08% (35^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-PHPBBPHPBB-174882
published 4 Jun 2019
disclosed 5 May 2019
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 5 May 2019

CVE-2019-11767 Open this link in a new tab CWE-918 Open this link in a new tab

How to fix?

Upgrade phpbb/phpbb to version 3.2.6 or higher.

Overview

phpbb/phpbb is a Forum Software application.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). It allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

References

GitHub Commit
PHPbb Security Release