Skip to main content

CVE-2005-0259

Severity Medium
Score 6.4/10

Summary

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published