MBoard orig_id Traversal Arbitrary File Creation

ID OSVDB:30771
Type osvdb
Reporter OSVDB
Modified 2006-11-26T06:03:58


Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Solution Description

Upgrade to version 1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


Vendor URL: http://www.phpjunkyard.com/php-message-board.php Secunia Advisory ID:23129 Other Advisory URL: http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004 Other Advisory URL: http://www.mayhemiclabs.com/advisories/MHL-2006-004.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0407.html ISS X-Force ID: 30558 FrSIRT Advisory: ADV-2006-4769 CVE-2006-6262