CVE-2006-1800 - Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attacker

CVE-2006-1800

Summary

Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.

References

Vulnerable Configurations

cpe:2.3:a:simplemedia:simplebbs:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:simplemedia:simplebbs:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:simplemedia:simplebbs:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:simplemedia:simplebbs:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:*
cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17501
bugtraq	20060412 SimpleBBS v1.1(posts.php) remote command execution
misc	http://downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl http://www.worlddefacers.de/Public/WD-SMPL.txt
xf	simplebbs-posts-command-execution(25788)

Last major update

20-07-2017 - 01:30

Published

18-04-2006 - 10:02

Last modified

20-07-2017 - 01:30