header-logo
Suggest Exploit
vendor:
UseBB Forum Software
by:
7.5
CVSS
HIGH
Local File Inclusion
CWE
Product Name: UseBB Forum Software
Affected Version From: UseBB 1.0.11
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Local File Inclusion Vulnerability in UseBB

The UseBB forum software is prone to a local file-include vulnerability due to insufficient input sanitization. An attacker can exploit this vulnerability to access potentially sensitive information and execute arbitrary local scripts within the context of the webserver process. This could lead to the compromise of the application and the underlying computer. Other attacks may also be possible.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input properly. Additionally, restricting access to sensitive files and directories can help prevent exploitation.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47166/info

UseBB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

UseBB 1.0.11 is vulnerable; other versions may also be affected. 

http://www.example.com/admin.php?act=/../../config

Navigation

Suggest Exploit

Services By CQR