Back to search
CVE-2006-3208
Published: Jun 24, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt
x_refsource_MISC
1138
third-party-advisory
x_refsource_SREASON
20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now