
RETIRED: phpBB .PNG and .RAR Multiple Arbitrary File Upload Vulnerabilities

phpBB is prone to multiple vulnerabilities that allow attackers to upload arbitrary files because it fails to properly verify the content of attachments posted to web-log entries.

Exploiting these issues may allow an attacker to upload arbitrary code and execute it in the context of the webserver process.

phpBB 2.0.22 is vulnerable; other versions may also be affected.

UPDATE (December 7, 2007): The vendor refutes these issues, indicating that files cannot be uploaded to posts.

NOTE: This BID is being retired because information from the vendor indicates that the application is not vulnerable to the issues described.







 

Copyright 2009, SecurityFocus