Vulnerability in Snitz_communications Avatar_mod
CVE-2006-2530
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
EPSS: 0.016 (73.6th percentile) — read the EPSS interpretation.
Affected products
- Snitz_communications Avatar_mod — versions 1.3
- Snitz_communications Snitz_forums_2000 — versions 3.4.02, 3.4.03, 3.4.04
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Exploit, x_refsource_MISC)