CVE-2006-4450

usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.

Date published : 2006-08-29

http://www.securityfocus.com/bid/17965

http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html