CVE-2006-6262 Information

Description

Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. (dot dot) in the orig_id parameter.

Reference

http://secunia.com/advisories/23129 http://securityreason.com/securityalert/1988 http://www.mayhemiclabs.com/advisories/MHL-2006-004.txt http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004 http://www.securityfocus.com/archive/1/452772/100/0/threaded http://www.securityfocus.com/bid/21304 http://www.vupen.com/english/advisories/2006/4769 https://exchange.xforce.ibmcloud.com/vulnerabilities/30558