Vulnerability Description
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpbb Group | Phpbb | 2.0.0 |
References
- http://secunia.com/advisories/14362/
- http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml
- http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/774686 (US Government Resource)
- http://www.phpbb.com/support/documents.php?mode=changelog (Vendor Advisory)
FAQ
What is CVE-2005-0259?
CVE-2005-0259 is a vulnerability with a CVSS score of 6.4 (MEDIUM). phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, the...
How severe is CVE-2005-0259?
CVE-2005-0259 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-0259?
Check the references section above for vendor advisories and patch information. Affected products include: Phpbb Group Phpbb.