CVE-2006-2914 - PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrar

CVE-2006-2914

Summary

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.

References

Vulnerable Configurations

cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*
cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 18-10-2018 - 16:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	18455
bugtraq	20060614 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities 20060628 Secunia Research: DeluxeBB SQL Injection and File InclusionVulnerabilities
misc	http://secunia.com/secunia_research/2006-44/advisory
osvdb	26458 26459 26460 26461 26462 26463
sectrack	1016309
secunia	20152
sreason	1134
vupen	ADV-2006-2347
xf	deluxebb-templatefolder-file-include(27090)

Last major update

18-10-2018 - 16:43

Published

23-06-2006 - 19:06

Last modified

18-10-2018 - 16:43