Vulnerabilities > CVE-2006-1800 - Unspecified vulnerability in Simplemedia Simplebbs 1.0.6/1.0.7/1.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN simplemedia
exploit available
Summary
Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | SimpleBBS 1.0.6/1.0.7/1.1 Remote Arbitrary Command Execution Vulnerability. CVE-2006-1800. Webapps exploit for php platform |
| id | EDB-ID:27638 |
| last seen | 2016-02-03 |
| modified | 2006-04-13 |
| published | 2006-04-13 |
| reporter | rUnViRuS |
| source | https://www.exploit-db.com/download/27638/ |
| title | SimpleBBS 1.0.6/1.0.7/1.1 - Remote Arbitrary Command Execution Vulnerability |
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl
- http://downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl
- http://www.securityfocus.com/archive/1/430872
- http://www.securityfocus.com/archive/1/430872
- http://www.securityfocus.com/bid/17501
- http://www.securityfocus.com/bid/17501
- http://www.worlddefacers.de/Public/WD-SMPL.txt
- http://www.worlddefacers.de/Public/WD-SMPL.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25788
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25788