CVE-2006-5511

Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jaxultrabb:jaxultrabb:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:19

Type Values Removed Values Added
References () http://attrition.org/pipermail/vim/2006-October/001095.html - Exploit () http://attrition.org/pipermail/vim/2006-October/001095.html - Exploit
References () http://www.securityfocus.com/bid/20679 - Exploit () http://www.securityfocus.com/bid/20679 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/29711 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/29711 -
References () https://www.exploit-db.com/exploits/2616 - () https://www.exploit-db.com/exploits/2616 -

Information

Published : 2006-10-25 22:07

Updated : 2024-11-21 00:19


NVD link : CVE-2006-5511

Mitre link : CVE-2006-5511

CVE.ORG link : CVE-2006-5511


JSON object : View

Products Affected

jaxultrabb

  • jaxultrabb