CVE-2006-4544 Information
Description
Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1 when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php (3) birstday/profile_show.php (4) newusergreatings/pm_newreg.php (5) punish/p_error.php (6) punish/profile.php and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488 although it is for a slightly different product from the same vendor.
Reference
http://advisories.echo.or.id/adv/adv46-matdhule-2006.txt http://securityreason.com/securityalert/1501 http://securitytracker.com/id?1016773 http://www.securityfocus.com/archive/1/444825/100/0/threaded http://www.securityfocus.com/bid/19787
Share on: