CVE-2006-3208

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.8:*:*:*:*:*:*:*
cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.9:*:*:*:*:*:*:*
cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.9.6:*:*:*:*:*:*:*

History

21 Nov 2024, 00:13

Type Values Removed Values Added
References () http://securityreason.com/securityalert/1138 - () http://securityreason.com/securityalert/1138 -
References () http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt - Exploit, URL Repurposed () http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt - Exploit, URL Repurposed
References () http://www.securityfocus.com/archive/1/437875/100/0/threaded - () http://www.securityfocus.com/archive/1/437875/100/0/threaded -

14 Feb 2024, 01:17

Type Values Removed Values Added
References (MISC) http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt - Exploit (MISC) http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt - Exploit, URL Repurposed

Information

Published : 2006-06-24 01:06

Updated : 2024-11-21 00:13


NVD link : CVE-2006-3208

Mitre link : CVE-2006-3208

CVE.ORG link : CVE-2006-3208


JSON object : View

Products Affected

ultimate_php_board

  • ultimate_php_board