Vulnerability Description
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Punbb | Punbb | 1.2.12 |
References
- http://forums.punbb.org/viewtopic.php?id=13255
- http://www.attrition.org/pipermail/vim/2006-September/001041.html
- http://www.attrition.org/pipermail/vim/2006-September/001052.html
- http://www.attrition.org/pipermail/vim/2006-September/001055.html
- http://www.security.nnov.ru/Odocument221.htmlExploit
- http://www.securityfocus.com/archive/1/445788/100/0/threaded
- http://www.securityfocus.com/archive/1/446420/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28884
- http://forums.punbb.org/viewtopic.php?id=13255
- http://www.attrition.org/pipermail/vim/2006-September/001041.html
- http://www.attrition.org/pipermail/vim/2006-September/001052.html
- http://www.attrition.org/pipermail/vim/2006-September/001055.html
- http://www.security.nnov.ru/Odocument221.htmlExploit
- http://www.securityfocus.com/archive/1/445788/100/0/threaded
- http://www.securityfocus.com/archive/1/446420/100/0/threaded
FAQ
What is CVE-2006-4759?
CVE-2006-4759 is a vulnerability with a CVSS score of 3.6 (LOW). PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by ...
How severe is CVE-2006-4759?
CVE-2006-4759 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4759?
Check the references section above for vendor advisories and patch information. Affected products include: Punbb Punbb.