PT-2005-1336 · Phpbb · Phpbb

Published: 2005-02-22 · Updated: 2008-09-10 · CVE-2005-0258

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

phpBB versions 2.0.11 and possibly other versions

Description

A directory traversal issue exists, allowing remote attackers to delete arbitrary files. This is achieved by using "/../" sequences in the avatarselect parameter of the "usercp_register.php" and "usercp_avatar.php" scripts when gallery avatars are enabled.

Recommendations

For phpBB version 2.0.11, consider disabling the gallery avatars feature to prevent exploitation until a fix is available. Restrict access to the "usercp_register.php" and "usercp_avatar.php" scripts to minimize the risk of exploitation. Avoid using the avatarselect parameter in the affected scripts until the issue is resolved.
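
A containment check for a user-supplied gallery avatar name, shown as an added example that is not phpBB's code or its fix. The function name `resolve_gallery_avatar`, the directory layout and the extension allow-list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not phpBB code.
// Returns the canonical path of a gallery avatar, or null when the
// selection does not resolve to an image file inside the gallery directory.
function resolve_gallery_avatar(string $galleryDir, string $selection): ?string
{
    // Early filter: empty value, NUL byte, backslash, or a ".." path segment.
    if ($selection === '' || strpos($selection, "\0") !== false
        || strpos($selection, '\\') !== false
        || in_array('..', explode('/', $selection), true)) {
        return null;
    }
    $base = realpath($galleryDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks, so the
    // containment test below runs on the path the filesystem would really use.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $selection);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Trailing separator stops "/gallery_private" matching the "/gallery" prefix.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Assumed allow-list of avatar image extensions.
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    return in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true) ? $candidate : null;
}

// Constructed demo tree in a temporary directory.
$root = sys_get_temp_dir() . '/avatar_demo_' . bin2hex(random_bytes(4));
mkdir("$root/gallery/cats", 0700, true);
mkdir("$root/gallery_private", 0700, true);
touch("$root/gallery/cats/tabby.gif");
touch("$root/gallery_private/x.gif");
touch("$root/config.php");

foreach (['cats/tabby.gif', 'cats/../../config.php', '../gallery_private/x.gif', 'cats'] as $sel) {
    $path = resolve_gallery_avatar("$root/gallery", $sel);
    printf("%-26s => %s\n", $sel, $path ?? 'rejected');
}
```

A check of this kind belongs in front of every file operation that consumes the stored avatar value, deletion included, not only where the value is first accepted.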

Fix


Related Identifiers

CVE-2005-0258

Affected Products

Phpbb