Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.6
CVSSv2

CVE-2006-4759

Published: 13/09/2006 Updated: 17/10/2018
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:P

Vulnerability Summary

PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.

Vulnerable Product Search on Vulmon Subscribe to Product

punbb punbb 1.2.12

References

NVD-CWE-Otherhttp://www.security.nnov.ru/Odocument221.htmlhttp://www.attrition.org/pipermail/vim/2006-September/001041.htmlhttp://www.attrition.org/pipermail/vim/2006-September/001052.htmlhttp://www.attrition.org/pipermail/vim/2006-September/001055.htmlhttp://forums.punbb.org/viewtopic.php?id=13255https://exchange.xforce.ibmcloud.com/vulnerabilities/28884http://www.securityfocus.com/archive/1/446420/100/0/threadedhttp://www.securityfocus.com/archive/1/445788/100/0/threadedhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228CVE-2024-20361log injectionbypassCVE-2024-4985CVE-2024-35223CVE-2024-29849CVE-2024-31893IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook