FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0259

This CVE name corresponds to:

Entered Topic
2005-07-09 phpbb -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-0259
Phase Assigned(20050209)

Description

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

References

Source Reference
IDEFENSE 20050222 phpBB Group phpBB Arbitrary File Disclosure Vulnerability
CONFIRM http://www.phpbb.com/support/documents.php?mode=changelog
GENTOO GLSA-200503-02
CERT-VN VU#774686
SECUNIA 14362