PT-2007-4551 · Minibb · Minibb

Dj7Xpl · Published 2007-06-19 · Updated 2017-10-11 · CVE-2007-3272

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MiniBB version 2.0.5

Description

A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the language parameter within a register action.

Recommendations

For MiniBB version 2.0.5, consider restricting access to the language parameter in the register action to prevent exploitation until a fix is available. As a temporary workaround, disabling the register action or limiting file access through the index.php file may help minimize the risk.
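
One way to restrict a request-supplied language value before it is used to pick a file, shown as an added example that is not MiniBB's code. The function name, the language list, the `lang` directory and the `.php` file naming are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not MiniBB code. All names below are hypothetical.
const ALLOWED_LANGUAGES = ['eng', 'ger', 'rus']; // constructed sample list
const DEFAULT_LANGUAGE  = 'eng';

/**
 * Map a request-supplied language name to a file inside $langDir.
 * Only an exact allowlist match is accepted; anything else (arrays, "..",
 * slashes, NUL bytes, encoded variants) falls back to the default and is
 * never concatenated into a path.
 */
function resolveLanguageFile(mixed $requested, string $langDir): string
{
    $lang = DEFAULT_LANGUAGE;
    if (is_string($requested) && in_array($requested, ALLOWED_LANGUAGES, true)) {
        $lang = $requested;
    }

    // Defence in depth: the canonical path must still sit under $langDir.
    // This catches symlinks and a mistaken allowlist entry.
    $base = realpath($langDir);
    if ($base === false) {
        throw new RuntimeException('language directory missing');
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $path   = realpath($prefix . $lang . '.php');
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('language file not available');
    }
    return $path;
}

// Usage in a hypothetical request handler:
// $file = resolveLanguageFile($_REQUEST['language'] ?? null, __DIR__ . '/lang');
// require $file;
```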


Related Identifiers

CVE-2007-3272

Affected Products

Minibb