Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and previous versions allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimate php board ultimate php board 1.9.6 |
||
ultimate php board ultimate php board 1.8 |
||
ultimate php board ultimate php board 1.8.2 |
||
ultimate php board ultimate php board 1.9 |