Directory traversal vulnerability in auth.php for PhpBB 1.4.0 up to and including 1.4.4 allows remote malicious users to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpbb group phpbb 1.4.4 |
||
phpbb group phpbb 1.4.1 |
||
phpbb group phpbb 1.4.2 |
||
phpbb group phpbb 1.4.0 |