Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a … (dot dot) in the orig_id parameter.
secunia.com/advisories/23129
securityreason.com/securityalert/1988
www.mayhemiclabs.com/advisories/MHL-2006-004.txt
www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004
www.securityfocus.com/archive/1/452772/100/0/threaded
www.securityfocus.com/bid/21304
www.vupen.com/english/advisories/2006/4769
exchange.xforce.ibmcloud.com/vulnerabilities/30558