PT-2005-2067 · Phpbb · Phpbb

Status-X · Published 2005-04-07 · Updated 2024-02-14 · CVE-2005-1047

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

phpBB versions 2.0.x

Description

The issue concerns the file upload script mod for phpBB (up.php), which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary commands by uploading PHP files and then directly requesting them from the uploads directory.

Recommendations

For phpBB version 2.0.x, consider disabling the file upload functionality in the up.php script until a proper fix is applied to restrict file types to non-executable ones. Restrict access to the uploads directory to prevent direct execution of uploaded files.
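
The sketch below shows the kind of file-type restriction the recommendation calls for. It is an added example, not code from phpBB or from the upload mod; the function name, allowlist, size limit and storage directory are assumptions, and it targets PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example, not phpBB or mod code. The allowlist, size limit and
// function name are assumptions chosen for illustration.
const ALLOWED_TYPES = [            // extension => expected MIME type
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'gif' => 'image/gif',
];
const MAX_BYTES = 2097152;         // 2 MiB

/**
 * Validate one entry of $_FILES and move it into $storageDir, which is
 * assumed to live outside the web root. Returns the stored file name.
 */
function store_upload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Only the final extension counts, and it must be on the allowlist.
    // A blocklist of ".php" misses .phtml, .php5, mixed case and so on.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('file type not allowed');
    }

    // Check the content itself, not the client-supplied Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Server-generated name: the client never controls the stored path.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $storageDir . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}
```

Type checks alone do not cover the second recommendation: the directory that receives the files should still be configured so the web server never executes anything stored in it.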

Fix

Related Identifiers

CVE-2005-1047

Affected Products

Phpbb