This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Secunia reports :
ShAnKaR has discovered a vulnerability in phpBB, which can be
exploited by malicious users to compromise a vulnerable system.
Input passed to the 'avatar_path' parameter in admin/admin_board.php
is not properly sanitised before being used as a configuration
variable to store avatar images. This can be exploited to upload and
execute arbitrary PHP code by changing 'avatar_path' to a file with a
trailing NULL byte.
Successful exploitation requires privileges to the administration
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 4.0
Public Exploit Available : true