CVE-2006-3207 Information

Description

Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (00) byte in the id parameter as demonstrated by injecting a Perl CGI script using [NR]\ sequences in the message parameter then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation.

Reference

http://securityreason.com/securityalert/1138 http://www.securityfocus.com/archive/1/437875/100/0/threaded