Vulnerabilities > CVE-2006-4759 - Unspecified vulnerability in Punbb 1.2.12

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
punbb
nessus
NVD
Published: 2006-09-13
Updated: 2024-11-21

Summary

PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.

Vulnerable Configurations

Part Description Count
Application
Punbb
1

Nessus

NASL familyFreeBSD Local Security Checks
NASL idFREEBSD_PKG_E79876E4506111DBA5AE00508D6A62DF.NASL
descriptionCVE Mitre reports : PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
last seen2020-06-01
modified2020-06-02
plugin id22491
published2006-10-02
reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/22491
titleFreeBSD : punbb -- NULL byte injection vulnerability (e79876e4-5061-11db-a5ae-00508d6a62df)

Statements

contributorRickard Andersson
lastmodified2006-09-28
organizationPunBB
statementPunBB 1.2.13 has been released to fix this vulnerability. The updated version is available at http://punbb.org/downloads.php.

References