CVE-2006-4759 Information
Description
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in 00 which allows remote authenticated administrative users to upload arbitrary files and execute code as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in 00. NOTE: this issue was originally disputed by the vendor but the dispute was withdrawn on 20060926.
Reference
http://forums.punbb.org/viewtopic.php?id=13255 http://www.attrition.org/pipermail/vim/2006-September/001041.html http://www.attrition.org/pipermail/vim/2006-September/001052.html http://www.attrition.org/pipermail/vim/2006-September/001055.html http://www.security.nnov.ru/Odocument221.html http://www.securityfocus.com/archive/1/445788/100/0/threaded http://www.securityfocus.com/archive/1/446420/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28884
Share on: