CVE-2006-2914 Information

Description

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php (2) posting.php (3) and pm/newpm.php in the deluxe/ directory and (4) postreply.php (5) posting.php and (6) pm/newpm.php in the default/ directory.

Reference

http://secunia.com/advisories/20152 http://secunia.com/secunia_research/2006-44/advisory http://securityreason.com/securityalert/1134 http://securitytracker.com/id?1016309 http://www.osvdb.org/26458 http://www.osvdb.org/26459 http://www.osvdb.org/26460 http://www.osvdb.org/26461 http://www.osvdb.org/26462 http://www.osvdb.org/26463 http://www.securityfocus.com/archive/1/437228/100/100/threaded http://www.securityfocus.com/archive/1/438597/100/0/threaded http://www.securityfocus.com/bid/18455 http://www.vupen.com/english/advisories/2006/2347 https://exchange.xforce.ibmcloud.com/vulnerabilities/27090