phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
Software | From | Fixed in |
---|---|---|
phpbb_group / phpbb | 2.0.0 | 2.0.0.x |
phpbb_group / phpbb | 2.0.1 | 2.0.1.x |
phpbb_group / phpbb | 2.0.2 | 2.0.2.x |
phpbb_group / phpbb | 2.0.3 | 2.0.3.x |
phpbb_group / phpbb | 2.0.4 | 2.0.4.x |
phpbb_group / phpbb | 2.0.5 | 2.0.5.x |
phpbb_group / phpbb | 2.0.6 | 2.0.6.x |
phpbb_group / phpbb | 2.0.6c | 2.0.6c.x |
phpbb_group / phpbb | 2.0.6d | 2.0.6d.x |
phpbb_group / phpbb | 2.0.7 | 2.0.7.x |
phpbb_group / phpbb | 2.0.7a | 2.0.7a.x |
phpbb_group / phpbb | 2.0.8 | 2.0.8.x |
phpbb_group / phpbb | 2.0.8a | 2.0.8a.x |