CVE-2006-4759
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/09/2006
Last modified:
03/04/2025
Description
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
Impact
Base Score 2.0
3.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:punbb:punbb:1.2.12:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://forums.punbb.org/viewtopic.php?id=13255
- http://www.attrition.org/pipermail/vim/2006-September/001041.html
- http://www.attrition.org/pipermail/vim/2006-September/001052.html
- http://www.attrition.org/pipermail/vim/2006-September/001055.html
- http://www.security.nnov.ru/Odocument221.html
- http://www.securityfocus.com/archive/1/445788/100/0/threaded
- http://www.securityfocus.com/archive/1/446420/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28884
- http://forums.punbb.org/viewtopic.php?id=13255
- http://www.attrition.org/pipermail/vim/2006-September/001041.html
- http://www.attrition.org/pipermail/vim/2006-September/001052.html
- http://www.attrition.org/pipermail/vim/2006-September/001055.html
- http://www.security.nnov.ru/Odocument221.html
- http://www.securityfocus.com/archive/1/445788/100/0/threaded
- http://www.securityfocus.com/archive/1/446420/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28884