CVE-2006-5511 Information

Description

Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0 when register_globals is enabled allows remote attackers to inject arbitrary web script HTML or PHP via the contents parameter whose value is prepended to the file specified by the forum parameter.

Reference

http://attrition.org/pipermail/vim/2006-October/001095.html http://www.securityfocus.com/bid/20679 https://exchange.xforce.ibmcloud.com/vulnerabilities/29711 https://www.exploit-db.com/exploits/2616