Vulnerability Description
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpbb Group | Phpbb | 2.0.0 |
References
- http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml
- http://www.idefense.com/application/poi/display?id=205&type=vulnerabilitiesPatchVendor Advisory
- http://www.phpbb.com/support/documents.php?mode=changelogVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml
- http://www.idefense.com/application/poi/display?id=205&type=vulnerabilitiesPatchVendor Advisory
- http://www.phpbb.com/support/documents.php?mode=changelogVendor Advisory
FAQ
What is CVE-2005-0258?
CVE-2005-0258 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (u...
How severe is CVE-2005-0258?
CVE-2005-0258 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0258?
Check the references section above for vendor advisories and patch information. Affected products include: Phpbb Group Phpbb.