CVE-2006-3798 Information

Description

DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET (2) _POST (3) _ENV and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable which can overwrite the other variables during an extract function call probably leading to multiple security vulnerabilities aka \pollution of the global namespace.\

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html http://securityreason.com/securityalert/1254 http://www.securityfocus.com/archive/1/440435/100/0/threaded http://www.securityfocus.com/bid/19052