Remote Code Execution Vulnerability in PHPBB 2.0.20's Avatar Upload Feature
CVE-2006-4450

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 30 August 2006

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2006-4450?

The avatar upload feature in PHPBB 2.0.20 contains a vulnerability that allows remote attackers to exploit the server's functionality as a web proxy. By submitting a specially crafted URL to the avatarurl parameter, attackers can manipulate the server into making unauthorized HTTP GET requests. This can lead to significant security risks, as it may enable the attacker to access and manipulate data through the server, thus posing a serious threat to the integrity and confidentiality of the server environment.

References

http://securityreason.com/securityalert/1470

third-party-advisoryx_refsource_SREASON

http://archives.neohapsis.com/archives/bugtraq/2006-05/02...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/26537

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2006
Vulnerability Reserved
Aug 29, 2006

CVE-2006-4450 Data

JSON