Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-2914
Last Modified 07 Mar 2011 09:37:17
Published 23 Jun 2006 03:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2914

Summary

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, and (3) pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.

Vulnerable Systems

Application

  • DeluxeBB 1.06


References

VUPEN - ADV-2006-2347

BID - 18455

BUGTRAQ - 20060614 Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities

SECTRACK - 1016309

MISC - http://secunia.com/secunia_research/2006-44/advisory

SECUNIA - 20152

XF - deluxebb-templatefolder-file-include(27090)

BUGTRAQ - 20060628 Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities

OSVDB - 26463

OSVDB - 26462

OSVDB - 26461

OSVDB - 26460

OSVDB - 26459

OSVDB - 26458

SREASON - 1134


Last Updated: 27 May 2016 10:42:48