CVE-2003-1373 Information

Description

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (00) characters in CGI parameters as demonstrated using the lang parameter in prefs.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html http://www.securityfocus.com/bid/6889 https://exchange.xforce.ibmcloud.com/vulnerabilities/11407