PT-2006-3477 · Snitz Forums · Avatar Mod

Published

2006-05-22

Updated

2018-10-18

CVE-2006-2530

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Avatar MOD versions 1.3 and possibly other versions for Snitz Forums 3.4

Description The issue allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name.

Recommendations For Avatar MOD version 1.3, consider restricting file uploads or validating file names to prevent null byte injection until a patch is available. For other possibly affected versions of Avatar MOD, restrict file uploads or validate file names to prevent null byte injection until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2006-2530

Affected Products

Avatar Mod

PT-2006-3477 · Snitz Forums · Avatar Mod

CVE-2006-2530

Weakness Enumeration

Related Identifiers

Affected Products

References · 8