<<< Date Index >>>     <<< Thread Index >>>

Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability



I fail to see how this affects PunBB. The first thing PunBB does after 
receiving an uploaded avatar is:

move_uploaded_file($uploaded_file['tmp_name'], 
$pun_config['o_avatars_dir'].'/'.$id.'.tmp')

After that, $uploaded_file['tmp_name'] isn't used anymore. Am I missing 
something here or what?