Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0259

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-0259
Last Modified 10 Sep 2008 03:35:13
Published 14 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0259

Summary

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0 Beta1

  • Phpbb Group Phpbb 2.0 Rc1

  • Phpbb Group Phpbb 2.0 Rc2

  • Phpbb Group Phpbb 2.0 Rc3

  • Phpbb Group Phpbb 2.0 Rc4

  • Phpbb Group Phpbb 2.0.0

  • Phpbb Group Phpbb 2.0.1

  • Phpbb Group Phpbb 2.0.10

  • Phpbb Group Phpbb 2.0.11

  • Phpbb Group Phpbb 2.0.2

  • Phpbb Group Phpbb 2.0.3

  • Phpbb Group Phpbb 2.0.4

  • Phpbb Group Phpbb 2.0.5

  • Phpbb Group Phpbb 2.0.6

  • Phpbb Group Phpbb 2.0.6c

  • Phpbb Group Phpbb 2.0.6d

  • Phpbb Group Phpbb 2.0.7

  • Phpbb Group Phpbb 2.0.7a

  • Phpbb Group Phpbb 2.0.8

  • Phpbb Group Phpbb 2.0.8a

  • Phpbb Group Phpbb 2.0.9


References

CERT-VN - VU#774686

IDEFENSE - 20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability

CONFIRM - http://www.phpbb.com/support/documents.php?mode=changelog

GENTOO - GLSA-200503-02

SECUNIA - 14362


Last Updated: 27 May 2016 10:39:44