CVE-2006-4759

Name of the Vulnerable Software and Affected Versions PunBB version 1.2.12

Description The issue arises from improper handling of an avatar directory pathname ending in %00, allowing remote authenticated administrative users to upload arbitrary files and execute code. This can be achieved by sending a query to the "admin options.php" endpoint with an avatars dir parameter ending in %00.

Recommendations For PunBB version 1.2.12, consider restricting access to the admin options.php endpoint to prevent exploitation until a proper fix is applied. As a temporary workaround, avoid using the avatars dir parameter ending in %00 to minimize the risk of arbitrary file uploads and code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.