FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)

Secunia reports : ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the 'avatarpath' parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avata...

CVE-2006-4758

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/adminboard.php with an avatarpath parameter ending in .php%00...

CVE-2006-4758

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/adminboard.php with an avatarpath parameter ending in .php%00...

phpbb -- NULL byte injection vulnerability

Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatarpath" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...