Overview
The phpBB input validation methods may fail to sanitize user input, resulting in disclosure of arbitrary file data.
Description
phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as "avatars." These files may be located on a remote server or on a filesystem. However, a local file upload path using the default, temporary remote server name can cause the remote phpBB server to interpret a file local to the server as the avatar file. This file will then be made available to the user for download or viewing.
Impact
If the remote avatar and remote avatar uploading functions are enabled (both are disabled by default), a remote, authenticated attacker who is allowed to specify remote avatars may be able to access arbitrary files on the phpBB server with the permissions of the web server.
Solution
Apply an update. phpBB versions 2.0.12 and later do not contain this flaw. The phpBB web page contains additional information and downloads.
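The failure described above is that a path local to the server ends up being treated as the avatar file. For sites maintaining similar avatar-handling code, the following added example (not phpBB's code and not its actual fix) shows one defensive check: accept a candidate file only if it resolves inside a dedicated staging directory and parses as an image. The function name `avatar_source_is_safe()`, the staging directory and the sample files are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not phpBB code. avatar_source_is_safe() and the staging
// directory are hypothetical names chosen for illustration.

// Accept a candidate avatar file only if it really lives inside the
// staging directory and parses as one of the allowed image types.
function avatar_source_is_safe(string $candidate, string $stagingDir): bool
{
    $base = realpath($stagingDir);
    $real = realpath($candidate);   // resolves ".." and symlinks; false if missing
    if ($base === false || $real === false || !is_file($real)) {
        return false;
    }
    // Containment: compare against the directory plus a separator so that
    // "/tmp/avatars-other" does not pass for "/tmp/avatars".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Content: a configuration or password file is not an image, so refuse it.
    $info = @getimagesize($real);
    $allowed = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG];
    return $info !== false && in_array($info[2], $allowed, true);
}

// Constructed sample input: a 1x1 GIF, a text file, and a fake config file.
$tmp     = sys_get_temp_dir() . DIRECTORY_SEPARATOR;
$staging = $tmp . 'avatar_staging_' . getmypid();
$secret  = $tmp . 'config_' . getmypid() . '.php';
mkdir($staging);
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
file_put_contents($staging . '/upload.gif', $gif);
file_put_contents($staging . '/notes.txt', 'not an image');
file_put_contents($secret, "<?php \$dbpasswd = 'constructed';");

$cases = [
    'staged image'         => $staging . '/upload.gif',
    'file outside staging' => $secret,
    'traversal out of dir' => $staging . '/../' . basename($secret),
    'non-image in staging' => $staging . '/notes.txt',
];
foreach ($cases as $label => $path) {
    printf("%-22s %s\n", $label, avatar_source_is_safe($path, $staging) ? 'accept' : 'reject');
}
```

Only the staged image passes; the other three cases are refused either by the containment test or by the image-type test.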
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A |
References
Acknowledgements
Thanks to AnthraX101 for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
CVE IDs: | CVE-2005-0259 |
Severity Metric: | 3.75 |
Date Public: | 2005-02-22 |
Date First Published: | 2005-02-25 |
Date Last Updated: | 2005-03-17 13:58 UTC |
Document Revision: | 10 |