Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PunBB 任意文件上传和代码执行漏洞
Vulnerability Description
PunBB 1.2.12未适当处理以%00结尾的avatar目录路径名称,远程认证的管理用户上传任意文件并执行代码,如使用以%00结尾的avatars_dir参数查询admin_options.php所示。
CVSS Information
N/A
Vulnerability Type
N/A