FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpbb -- NULL byte injection vulnerability

Affected packages
phpbb < 2.0.22
zh-phpbb-tw < 2.0.22


VuXML ID 86526ba4-53c8-11db-8f1a-000a48049292
Discovery 2006-09-12
Entry 2006-10-04
Modified 2006-12-24

Secunia reports:

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte.

Successful exploitation requires privileges to the administration section.


Bugtraq ID 20347
CVE Name CVE-2006-4758