CVE-2003-1373 — Path Traversal in Group Phpbb

CWE-22 — Path Traversal2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 63.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedDec 31

Latest updateApr 29

Description

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb4 versions+3

🔴Vulnerability Details

GHSA

GHSA-5wg6-v5wg-r8c6: Directory traversal vulnerability in auth↗2022-04-29

▶