Automatic Image Upload with Thumbnails for PunBB 'uploadimg.php' Arbitrary File Upload Vulnerability

Automatic Image Upload with Thumbnails for PunBB 'uploadimg.php' Arbitrary File Upload Vulnerability

The Automatic Image Upload with Thumbnails module for PunBB is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input.

NOTE: To exploit this issue, an attacker requires access to a valid user account that is part of a group with file-upload privileges.

An attacker can exploit this issue to execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Automatic Image Upload with Thumbnails 1.3.2 and 1.3.3 are affected; other versions may also be vulnerable.