FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpbb -- NULL byte injection vulnerability

Affected packages
phpbb < 2.0.22
zh-phpbb-tw < 2.0.22

Details

VuXML ID 86526ba4-53c8-11db-8f1a-000a48049292
Discovery 2006-09-12
Entry 2006-10-04
Modified 2006-12-24

Secunia reports:

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte.

Successful exploitation requires privileges to the administration section.

[source]

References

Bugtraq ID 20347
CVE Name CVE-2006-4758
URL http://secunia.com/advisories/22188/
URL http://www.security.nnov.ru/Odocument221.html
URL http://xforce.iss.net/xforce/xfdb/28884

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.