CVE-2006-4758

2006-09-13T19:07:00
ID CVE-2006-4758
Type cve
Reporter NVD
Modified 2017-07-19T21:33:17

Description

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.