PT-2005-1336 · Phpbb · Phpbb

Published: 2005-02-22 · Updated: 2008-09-10 · CVE-2005-0258

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.11 and possibly other versions

Description: A directory traversal issue exists that allows remote attackers to delete arbitrary files. It is exploited by supplying "/../" sequences in the avatarselect parameter of the "usercp_register.php" and "usercp_avatar.php" scripts when gallery avatars are enabled.

Recommendations: For phpBB version 2.0.11, consider disabling the gallery avatars feature to prevent exploitation until a fix is available. Restrict access to the "usercp_register.php" and "usercp_avatar.php" scripts to minimize the risk of exploitation. Avoid using the avatarselect parameter in the affected scripts until the issue is resolved.
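
The check that a gallery-avatar selection has to pass before it is used in any file operation, shown as an added example; it is not phpBB's code or its actual fix. The function name `resolve_gallery_avatar`, the directory layout and the demo files are hypothetical and constructed for illustration.

```php
<?php
// Added example, not phpBB code. All names and paths here are hypothetical.

/**
 * Map a user-supplied gallery avatar selection to a canonical path inside
 * $galleryDir. Returns null when the value could refer to anything else.
 */
function resolve_gallery_avatar(string $galleryDir, string $selected): ?string
{
    // Allow-list the shape: an optional single category directory, then a
    // file name with an image extension. This excludes "..", leading "/",
    // backslashes and NUL bytes. \z (not $) refuses a trailing newline.
    $shape = '#^(?:[A-Za-z0-9_-]+/)?[A-Za-z0-9_-]+\.(?:gif|jpe?g|png)\z#';
    if (!preg_match($shape, $selected)) {
        return null;
    }

    // Canonicalise both paths; realpath() resolves symlinks and returns
    // false when the target does not exist.
    $base = realpath($galleryDir);
    $full = realpath($galleryDir . '/' . $selected);
    if ($base === false || $full === false) {
        return null;
    }

    // Containment: the canonical file must sit below the canonical gallery.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed demo: a temporary gallery plus one file outside it.
$root = sys_get_temp_dir() . '/avatar_demo_' . getmypid();
@mkdir("$root/gallery/cats", 0700, true);
touch("$root/gallery/cats/tom.gif");
touch("$root/outside.gif");

foreach (['cats/tom.gif', 'cats/../../outside.gif', '/../outside.gif'] as $input) {
    $path = resolve_gallery_avatar("$root/gallery", $input);
    printf("%-24s => %s\n", $input, $path === null ? 'rejected' : 'accepted');
}
```

Any delete or rename of a previous avatar should go through the same function, since the impact described above is file deletion rather than file read.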

Fix


Related identifiers

CVE-2005-0258

Affected products

Phpbb