CVE-2005-0259 - Precordial Headings

Description

phpBB 2.0.11 and possibly other versions with remote avatars and avatar uploading enabled allows local users to read arbitrary files by providing both a local and remote location for an avatar then modifying the \Upload Avatar from a URL:\ field to reference the target file.

Reference

http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities http://www.phpbb.com/support/documents.php?mode=changelog http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.kb.cert.org/vuls/id/774686 http://secunia.com/advisories/14362/