Vulnerabilities > CVE-2005-1047 - Unspecified vulnerability in PHPbb Group PHPbb
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpbb-group
nessus
Summary
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | PHPBB_UP_MODULE.NASL |
description | The installed version of phpBB on the remote host includes a file upload script intended as a way for users to upload files that they can then link to in their posts. The script, however, does not require authentication, makes only a limited check of upload file types, and stores uploads in a known location. As a result, an attacker can upload arbitrary scripts to the remote host and execute them with the permissions of the web server user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18007 |
published | 2005-04-11 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18007 |
title | phpBB up.php Arbitrary File Upload |