Vulnerability Details CVE-2004-1399
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=110304269031484&w=2
- http://secunia.com/advisories/13421/
- http://www.securityfocus.com/bid/11893
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18437
- http://marc.info/?l=bugtraq&m=110304269031484&w=2
- http://secunia.com/advisories/13421/
- http://www.securityfocus.com/bid/11893
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18437
Products affected by CVE-2004-1399
-
cpe:2.3:a:opentools:attachment_mod:2.3.10
-
cpe:2.3:a:opentools:attachment_mod:2.3.4
-
cpe:2.3:a:opentools:attachment_mod:2.3.5
-
cpe:2.3:a:opentools:attachment_mod:2.3.6
-
cpe:2.3:a:opentools:attachment_mod:2.3.7
-
cpe:2.3:a:opentools:attachment_mod:2.3.8
-
cpe:2.3:a:opentools:attachment_mod:2.3.9