Signature Detail

HTTP: phpBB Avatar Upload

This signature detects attempts to exploit a known vulnerability in the upload avatar included with PHP Bulletin Board (PHPBB). Attackers can use the avatar to obtain sensitive information.

Extended Description

phpBB is affected by an arbitrary file disclosure vulnerability. This issue arises due to an input validation error allowing an attacker to disclose files in the context of a Web server running the application. This may allow the attacker to gain access to sensitive data that may be used to carry out further attacks against a vulnerable computer. A successful attack requires the attacker to have a user account and the presence of some non-default settings allowing for the uploading of remote avatars. phpBB 2.0.11 and prior versions are affected by this issue.

Affected Products

• Gentoo Linux
• phpBB Group phpBB 2.0.0 .0
• phpBB Group phpBB 2.0.0 Beta 1
• phpBB Group phpBB 2.0.0 RC1
• phpBB Group phpBB 2.0.0 RC2
• phpBB Group phpBB 2.0.0 RC3
• phpBB Group phpBB 2.0.0 RC4
• phpBB Group phpBB 2.0.1
• phpBB Group phpBB 2.0.10
• phpBB Group phpBB 2.0.11
• phpBB Group phpBB 2.0.2
• phpBB Group phpBB 2.0.3
• phpBB Group phpBB 2.0.4
• phpBB Group phpBB 2.0.5
• phpBB Group phpBB 2.0.6
• phpBB Group phpBB 2.0.6 c
• phpBB Group phpBB 2.0.6 d
• phpBB Group phpBB 2.0.7
• phpBB Group phpBB 2.0.7 a
• phpBB Group phpBB 2.0.8
• phpBB Group phpBB 2.0.8 a
• phpBB Group phpBB 2.0.9

References

• BugTraq: 12621
• CVE: CVE-2005-0259