Lucene search
Ubuntu.comUB:CVE-2006-4758HistorySep 13, 2006 - 12:00 a.m.
CVE-2006-4758
2006-09-1300:00:00
ubuntu.com
ubuntu.com
6
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.5%
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows
remote authenticated administrative users to upload arbitrary files, as
demonstrated by a query to admin/admin_board.php with an avatar_path
parameter ending in .php%00.
Bugs
Related
nessus
nessus
FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)
2006-10-05 00:00:00
phpBB < 2.0.22 Multiple Vulnerabilities
2007-01-03 00:00:00
Debian DSA-1488-1 : phpbb2 - several vulnerabilities
2008-02-11 00:00:00
freebsd
freebsd
phpbb -- NULL byte injection vulnerability
2006-09-12 00:00:00
cve
cve
CVE-2006-4758
2006-09-13 23:07:00
openvas
openvas
FreeBSD Ports: phpbb, zh-phpbb-tw
2008-09-04 00:00:00
FreeBSD Ports: phpbb, zh-phpbb-tw
2008-09-04 00:00:00
Debian: Security Advisory (DSA-1488-1)
2008-02-15 00:00:00
debian
debian
[SECURITY] [DSA 1488-1] New phpbb2 packages fix several vulnerabilities
2008-02-09 01:02:27
osv
osv
phpbb2 - several vulnerabilities
2008-02-09 00:00:00
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.5%
Related for UB:CVE-2006-4758