Vulnerabilities > Punbb > Punbb > 1.2.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-13 | CVE-2006-4759 | File-Upload vulnerability in Punbb 1.2.12 PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. | 3.6 |