{"vuid":"VU#774686","idnumber":"774686","name":"phpBB vulnerable to file disclosure","keywords":["phpBB","arbitrary file disclosure","avatar","Upload Avatar from a URL"],"overview":"The phpBB input validation methods may fail to sanitize user input resulting in a disclosure of arbitrary file data.","clean_desc":"phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as \"avatars.\" These files may be located on a remote server or on a filesystem. However, a local file upload path using the default, temporary remote server name can cause the remote phpBB server to interpret a file local to the server as the avatar file. This file will then be made available to theuser for download or viewing.","impact":"If the remote avatar and remote avatar uploading functions are enabled (which are disabled by default), a remote, authenticated attacker who is allowed to specify remote avatars may be able to access arbitrary files on the phpBB server with the permissions of the web server.","resolution":"Apply an update\nphpBB versions 2.0.12 and later do not contain this flaw. The phpBB web page contains additional information and downloads.","workarounds":"As a workaround, administrators may disable remote avatars","sysaffected":"","thanks":"Thanks to AnthraX101  for reporting this vulnerability.","author":"This document was written by Ken MacInnis.","public":["http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities","http://secunia.com/advisories/14362/","http://www.phpbb.com/phpBB/viewtopic.php?t=265423"],"cveids":["CAN-2005-0259"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:11:56.123148Z","publicdate":"2005-02-22T00:00:00Z","datefirstpublished":"2005-02-25T19:17:32Z","dateupdated":"2005-03-17T13:58:00Z","revision":10,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":3.75,"vulnote":null}