Home > Vulnerability Database > CVE-2020-8226

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2020-8226

Good to know:

Date: August 17, 2020

A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.

Language: PHP

Severity Score

5.8

Related Resources (8)

Url: https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636

Url: https://github.com/phpbb/phpbb-app/commit/0cfaaafb386d58576d200d56f1acdbcc2f2376e8

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-8226

Url: https://github.com/phpbb/phpbb-app/commit/efc0a146bf12125eeb71d00470af774326a7bf0a

Url: https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631

Url: https://github.com/phpbb/phpbb-app

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/phpbb/phpbb/CVE-2020-8226.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2020-8226

Severity Score

5.8

Weakness Type (CWE)

Externally Controlled Reference to a Resource in Another Sphere

CWE-610

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version release-3.2.10,release-3.3.1

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us