PT-2006-3477 · Snitz Forums · Avatar Mod

Publicado

2006-05-22

Atualizado

2018-10-18

CVE-2006-2530

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Avatar MOD versions 1.3 and possibly other versions for Snitz Forums 3.4

Description The issue allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name.

Recommendations For Avatar MOD version 1.3, consider restricting file uploads or validating file names to prevent null byte injection until a patch is available. For other possibly affected versions of Avatar MOD, restrict file uploads or validate file names to prevent null byte injection until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2006-2530

Produtos afetados

Avatar Mod

PT-2006-3477 · Snitz Forums · Avatar Mod

CVE-2006-2530

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8