CVE-2006-4758

CVE-2006-4758 · MEDIUM Severity

AV:N/AC:H/AU:S/C:P/I:P/A:P

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.

Learn more about our User Device Pen Test.