Описание
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
EPSS
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
phpBB 2.0.21 does not properly handle pathnames ending in %00, which a ...
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
EPSS
4.6 Medium
CVSS2