FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)

Medium Nessus Plugin ID 22502


The remote FreeBSD host is missing one or more security-related updates.


Secunia reports :

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to the 'avatar_path' parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing 'avatar_path' to a file with a trailing NULL byte.

Successful exploitation requires privileges to the administration section.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 22502

File Name: freebsd_pkg_86526ba453c811db8f1a000a48049292.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2006/10/05

Modified: 2016/05/09

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpbb, p-cpe:/a:freebsd:freebsd:zh-phpbb-tw, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/10/04

Vulnerability Publication Date: 2006/09/12

Reference Information

CVE: CVE-2006-4758

BID: 20347

Secunia: 22188