Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3207


Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3207
Last Modified 05 Sep 2008 05:06:30
Published 23 Jun 2006 09:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation.

Vulnerable Systems


  • Ultimate Php Board 1.8

  • Ultimate Php Board 1.8.2

  • Ultimate Php Board 1.9

  • Ultimate Php Board 1.9.6


BUGTRAQ - 20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)

SREASON - 1138

Last Updated: 27 May 2016 10:42:54