CVE-2003-1373

phpBB 1.4.0-1.4.4 - Path Traversal via Null-Byte Terminated Dot-Dot Sequences

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6889
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11407

Scores

EPSS 0.0127
EPSS Percentile 66.2%

Details

CWE
CWE-22
Status published
Products (4)
phpbb_group/phpbb 1.4.0
phpbb_group/phpbb 1.4.1
phpbb_group/phpbb 1.4.2
phpbb_group/phpbb 1.4.4
Published Dec 31, 2003
Tracked Since Feb 18, 2026