Phpbb Group : Security Vulnerabilities, CVEs, (Directory traversal)
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
Max CVSS
5.0
EPSS Score
0.95%
Published
2005-03-14
Updated
2008-09-10
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
Max CVSS
6.8
EPSS Score
0.61%
Published
2003-12-31
Updated
2017-07-29
2 vulnerabilities found