CVE-2017-1000419: Server-Side Request Forgery (SSRF)

January 2, 2018 (updated January 16, 2018)

phpBB is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

References

nvd.nist.gov/vuln/detail/CVE-2017-1000419
www.phpbb.com/community/viewtopic.php?f=14&p=14782136

Code Behaviors & Features

Detect and mitigate CVE-2017-1000419 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →