VULHUB ™

It has been reported that phpBB2 reveals a user's IP address. This vulnerability is due to phpBB2's file naming scheme for avatar files. When a user elects to upload an avatar file to a system using phpBB2, the system will save the file with a random name. This random name consists of the user's IP address, encoded in hexadecimal values, followed by other characters. A malicious attacker can exploit this vulnerability to find out IP addresses of the users of the system hosting phpBB2 forums.

It has been reported that phpBB2 reveals a user's IP address. This vulnerability is due to phpBB2's file naming scheme for avatar files. When a user elects to upload an avatar file to a system using phpBB2, the system will save the file with a random name. This random name consists of the user's IP address, encoded in hexadecimal values, followed by other characters. A malicious attacker can exploit this vulnerability to find out IP addresses of the users of the system hosting phpBB2 forums.