CVE-2005-0259
Summary
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
- LOW
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- NONE
References
Advisory Timeline
- Published