FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpBB IP address spoofing

Affected packages
phpbb <= 2.0.8_2

Details

VuXML ID cfe17ca6-6858-4805-ba1d-a60a61ec9b4d
Discovery 2004-04-18
Entry 2004-04-23

The common.php script always trusts the 'X-Forwarded-For' header in the client's HTTP request. A remote user could forge this header in order to bypass any IP address access control lists (ACLs).
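The pattern described above, next to a hardened form, as an added illustration that is not phpBB's own code. The function names, the TRUSTED_PROXIES allowlist and the sample addresses (documentation ranges) are assumptions made for the example.

```php
<?php
// Added illustration; not taken from phpBB. TRUSTED_PROXIES is a hypothetical
// allowlist of reverse proxies that the site operator controls.
const TRUSTED_PROXIES = ['192.0.2.10'];

// Pattern from the advisory: the header wins whenever the client sends one.
function client_ip_naive(array $server): string
{
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'];
}

// Hardened: the TCP peer address is authoritative unless the peer itself
// is a trusted proxy; only then is the header consulted.
function client_ip_checked(array $server): string
{
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entries were appended by our own
    // proxies, anything further left was supplied by the client.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the chain
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// ACL check keyed on whichever address the resolver returned.
function acl_allows(string $ip, array $allowed): bool
{
    return in_array($ip, $allowed, true);
}

// Constructed sample requests: one direct connection, one via the proxy.
$allowed = ['198.51.100.7'];
$direct  = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => '198.51.100.7'];

var_dump(acl_allows(client_ip_naive($direct), $allowed));    // header taken at face value
var_dump(acl_allows(client_ip_checked($direct), $allowed));  // header ignored, peer is not a proxy
var_dump(acl_allows(client_ip_checked($proxied), $allowed)); // header honoured, peer is a trusted proxy
```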

References

Message 20040419000129.28917.qmail@www.securityfocus.com