CVE-2006-4758
Publication date 13 September 2006
Last updated 24 July 2024
Ubuntu priority
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
Status
Package | Ubuntu Release | Status |
---|---|---|
phpbb2 | 9.10 karmic | Not in release |
9.04 jaunty | Not in release | |
8.10 intrepid |
Fixed 2.0.21-6
|
|
8.04 LTS hardy |
Fixed 2.0.21-6
|
|
7.10 gutsy |
Fixed 2.0.21-6
|
|
7.04 feisty |
Fixed 2.0.21-6
|
|
6.10 edgy | Ignored end of life, was needed | |
6.06 LTS dapper | Ignored end of life |