FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)
Medium Nessus Plugin ID 22502
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionSecunia reports :
ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.
Input passed to the 'avatar_path' parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing 'avatar_path' to a file with a trailing NULL byte.
Successful exploitation requires privileges to the administration section.
SolutionUpdate the affected packages.