Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2006-3208
Last Modified 05 Sep 2008 05:06:30
Published 23 Jun 2006 09:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-3208

Summary

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.

Vulnerable Systems

Application

  • Ultimate Php Board 1.8

  • Ultimate Php Board 1.8.2

  • Ultimate Php Board 1.9

  • Ultimate Php Board 1.9.6


References

BUGTRAQ - 20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)

MISC - http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt

SREASON - 1138


Last Updated: 27 May 2016 10:42:54