Ravens PHP Scripts

phpBB *avatar_path* PHP Code Execution Vulnerability
Date: Thursday, October 05, 2006 @ 12:59:26 CDT
Topic: Security


SECUNIA ADVISORY ID: SA22188

VERIFY ADVISORY: http://secunia.com/advisories/22188/

CRITICAL: Less critical

IMPACT: System access

WHERE: From remote

SOFTWARE: phpBB 2.x - http://secunia.com/product/463/

DESCRIPTION: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitized before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte. Successful exploitation requires privileges to the administration section. The vulnerability has been confirmed in version 2.0.21. Other versions may also be affected.

SOLUTION: Grant only trusted users access to the administration section. Edit the source code to ensure that input is properly sanitized.

PROVIDED AND/OR DISCOVERED BY: ShAnKaR
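
The SOLUTION above asks for the "avatar_path" input to be properly sanitized. The following is an added example of such a check, not phpBB's code or an official patch. The function name validate_avatar_path() and the $board_root argument are hypothetical, and the example assumes the setting should always be a relative directory inside the board's installation directory.

```php
<?php
// Added example, not phpBB code. validate_avatar_path() and $board_root
// are hypothetical names; the sample inputs at the bottom are constructed.

function validate_avatar_path(string $input, string $board_root): string
{
    // Reject NUL and other control bytes outright instead of stripping them.
    // C-level file APIs stop at the first NUL, so the stored value and the
    // path actually opened can differ.
    if (preg_match('/[\x00-\x1F\x7F]/', $input)) {
        throw new InvalidArgumentException('control byte in avatar_path');
    }
    // Relative directory only: no dots (so no "..", no file extension),
    // no leading or trailing slash, no backslashes.
    if (!preg_match('#\A[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\z#', $input)) {
        throw new InvalidArgumentException('not a plain relative directory');
    }
    $root = realpath($board_root);
    if ($root === false) {
        throw new InvalidArgumentException('board root does not exist');
    }
    // Must resolve (symlinks included) to an existing directory under the root.
    $real = realpath($root . DIRECTORY_SEPARATOR . $input);
    if ($real === false || !is_dir($real)) {
        throw new InvalidArgumentException('not an existing directory');
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('resolves outside the board root');
    }
    return $input;
}

// Constructed demo: temporary board root containing images/avatars.
$root = sys_get_temp_dir() . '/board_' . bin2hex(random_bytes(4));
mkdir($root . '/images/avatars', 0700, true);
$samples = ['images/avatars', "images/avatars/file.ext\0", '../etc', 'images/missing'];
foreach ($samples as $candidate) {
    $shown = addcslashes($candidate, "\0..\37");
    try {
        validate_avatar_path($candidate, $root);
        echo "accepted: $shown\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $shown ({$e->getMessage()})\n";
    }
}
```

Only the first sample is accepted. The check belongs where the administration form value is read, before it is written to the configuration store.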








This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2431