CVE-2006-4758

Published: Sep 13, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20347

vdb-entry

x_refsource_BID

20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability

mailing-list

x_refsource_BUGTRAQ

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120

x_refsource_CONFIRM

28871

third-party-advisory

x_refsource_SECUNIA

phpbb-nullbyte-file-upload(28884)

vdb-entry

x_refsource_XF

21806

vdb-entry

x_refsource_BID

DSA-1488

vendor-advisory

x_refsource_DEBIAN

http://www.security.nnov.ru/Odocument221.html

x_refsource_MISC

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624

x_refsource_MISC

22188

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-4758

Description

Affected Products

References