phpBB Attach Module UPLOAD_DIR Directory Traversal

2004-11-26T13:23:51
ID OSVDB:12162
Type osvdb
Reporter Zeelock (zee@psybnc.it)
Modified 2004-11-26T13:23:51

Description

Vulnerability Description

The Attach module for phpBB version 2.0.10 and below does not properly filter the string in the UPLOAD_DIR field. An attacker may specify a string containing "../" to traverse directories, which allows file upload access anywhere on the underlying operating system.
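The kind of filtering the description says is missing, as an added example (not phpBB or Attach module code): an upload-directory setting is resolved against a fixed base directory and rejected if it contains "../" or resolves outside that base. The function name `resolve_upload_dir`, the base directory and the sample settings are assumptions constructed for illustration.

```php
<?php
// Added example; function and variable names are hypothetical, not phpBB's.
// Resolve an upload-directory setting against a fixed base; refuse escapes.
function resolve_upload_dir(string $baseDir, string $configured): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('base directory does not exist');
    }
    if (strpos($configured, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in path');
    }
    // Absolute paths (POSIX, UNC, or drive-letter) ignore the base entirely.
    if (preg_match('#^(?:[\\\\/]|[A-Za-z]:)#', $configured)) {
        throw new InvalidArgumentException('absolute path not allowed');
    }
    // Split on both separators so a backslash form is handled like "../".
    $parts = [];
    foreach (preg_split('#[\\\\/]+#', $configured, -1, PREG_SPLIT_NO_EMPTY) as $p) {
        if ($p === '..') {
            throw new InvalidArgumentException('parent-directory component');
        }
        if ($p !== '.') { $parts[] = $p; }
    }
    // realpath() follows symlinks, so a link pointing outside the base is caught.
    $real = realpath($base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts));
    if ($real === false || !is_dir($real)) {
        throw new RuntimeException('upload directory does not exist');
    }
    // Compare with a trailing separator so "/srv/forum_old" does not pass for "/srv/forum".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('resolved path escapes base directory');
    }
    return $real;
}
// Constructed sample settings, run against a throwaway directory tree.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'forum_' . bin2hex(random_bytes(4));
mkdir($base . DIRECTORY_SEPARATOR . 'files', 0700, true);
foreach (['files', './files/', '../../etc', 'files/../../tmp', '/etc'] as $value) {
    try {
        echo str_pad($value, 18), '-> ', resolve_upload_dir($base, $value), "\n";
    } catch (Exception $e) {
        echo str_pad($value, 18), '-> rejected: ', $e->getMessage(), "\n";
    }
}
rmdir($base . DIRECTORY_SEPARATOR . 'files');
rmdir($base);
```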

Solution Description

Upgrade to version 2.0.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.phpbb.com/
Related OSVDB ID: 11719
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0368.html
ISS X-Force ID: 18266