Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. (dot dot) in the orig_id parameter.Referenceshttp://www.vupen.com/english/advisories/2006/4769http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004http://securityreason.com/securityalert/1988http://www.mayhemiclabs.com/advisories/MHL-2006-004.txthttp://www.securityfocus.com/bid/21304http://www.securityfocus.com/archive/1/452772/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/30558http://secunia.com/advisories/23129
