• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPBB Arbitrary File Disclosure Vulnerability

phpBB is affected by an arbitrary file disclosure vulnerability. This issue arises due to an input validation error allowing an attacker to disclose files in the context of a Web server running the application.

This may allow the attacker to gain access to sensitive data that may be used to carry out further attacks against a vulnerable computer.

A successful attack requires the attacker to have a user account and the presence of some non-default settings allowing for the uploading of remote avatars.

phpBB 2.0.11 and prior versions are affected by this issue.