{"api_version":"1","generated_at":"2026-04-23T11:33:41+00:00","cve":"CVE-2019-11767","urls":{"html":"https://cve.report/CVE-2019-11767","api":"https://cve.report/api/cve/CVE-2019-11767.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11767","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11767"},"summary":{"title":"CVE-2019-11767","description":"Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-05-05 06:29:00","updated_at":"2019-05-06 15:57:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941","name":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941","refsource":"MISC","tags":["Vendor Advisory"],"title":"phpBB • phpBB 3.2.6 Release - Please Update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11767","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11767","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"11767","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phpbb","cpe5":"phpbb","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11767","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phpbb","cpe5":"phpbb","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-11767","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941","refsource":"MISC","name":"https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941"}]}},"nvd":{"publishedDate":"2019-05-05 06:29:00","lastModifiedDate":"2019-05-06 15:57:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11767","Ordinal":"150089","Title":"CVE-2019-11767","CVE":"CVE-2019-11767","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11767","Ordinal":"1","NoteData":"Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11767","Ordinal":"2","NoteData":"2019-05-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11767","Ordinal":"3","NoteData":"2019-05-05","Type":"Other","Title":"Modified"}]}}}