CoolForum contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the avatar.php script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the img variable.
Upgrade to version 0.5.1 beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
A vulnerability has been discovered in CoolForum v0.5 beta.
It has been reported that by passing maliciously constructed requests to the 'avatar.php' script included with CoolForum, it is possible to access arbitrary PHP files. Requesting files with this method will allow an attacker to bypass .htaccess list restrictions. Other sensitive files may also be disclosed.
It has been reported that on web servers that do not implement restricted directories, such as chroot, it is possible for an attacker to access arbitrary system files readable by the web server.
By exploiting this issue to access sensitive files, it may be possible for an attacker to obtain information required to launch further attacks against the target server.
This issue can be exploited from a web browser.
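To check whether a server received such requests, the following added example (not part of the original advisory or of CoolForum) scans access-log lines for avatar.php requests whose img value contains a `..` path segment after URL-decoding. The combined log format, the /forum/ install path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses, paths and file names are illustrative.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /forum/avatar.php?img=smile.gif HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2003:10:00:05 +0000] "GET /forum/avatar.php?img=../../example.php HTTP/1.0" 200 2048',
    '192.0.2.44 - - [01/Jan/2003:10:00:09 +0000] "GET /forum/avatar.php?img=%252e%252e%252fexample.php HTTP/1.0" 200 2048',
    '192.0.2.10 - - [01/Jan/2003:10:00:12 +0000] "GET /forum/index.php?img=../x HTTP/1.0" 200 100',
]

def img_values(target):
    """Return the img parameter values of a request to avatar.php, else []."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/avatar.php"):
        return []
    # parse_qs performs one round of URL-decoding on each value.
    return parse_qs(parts.query, keep_blank_values=True).get("img", [])

def is_traversal(value):
    """True if the value contains a '..' path segment once fully decoded."""
    for _ in range(3):  # undo repeated (double or triple) URL-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    segments = value.replace("\\", "/").split("/")
    return ".." in segments

def suspicious_requests(log_lines):
    """Return (line_number, img_value) for avatar.php traversal requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for value in img_values(match.group(1)):
            if is_traversal(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: img={value!r}")
```

A hit with a 200 status and a response size unlike a normal avatar image is worth following up, since it suggests file contents were returned.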
The vendor has addressed the issue in later versions of the software: