File Upload Vulnerability in phpBB by phpBB Group
CVE-2006-4758

Currently unrated

Key Information:

Vendor

PHPbb Group

Status
PHPbb
Vendor
CVE Published:
13 September 2006

What is CVE-2006-4758?

The vulnerability in phpBB 2.0.21 arises from inadequate handling of pathnames that end with a NULL byte (%00). This issue permits remote authenticated administrative users to upload potentially malicious files. An attacker can exploit this by crafting a specific request, such as one sent to admin/admin_board.php with the avatar_path parameter incorrectly terminated by .php%00, allowing arbitrary file uploads to the server, leading to possible further attacks on the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/20347
vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/445788/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.