Vulnerabilities > CVE-2006-4191 - Unspecified vulnerability in XMB Software Extreme Message Board

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
xmb-software
exploit available

Summary

Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.

Vulnerable Configurations

Part Description Count
Application
Xmb_Software
1

Exploit-Db

descriptionXMB <= 1.9.6 Final basename() Remote Command Execution Exploit. CVE-2006-4191. Webapps exploit for php platform
fileexploits/php/webapps/2178.php
idEDB-ID:2178
last seen2016-01-31
modified2006-08-13
platformphp
port
published2006-08-13
reporterrgod
sourcehttps://www.exploit-db.com/download/2178/
titleXMB <= 1.9.6 Final basename Remote Command Execution Exploit
typewebapps

Statements

contributor
lastmodified2008-12-11
organizationXMB
statementXMB versions 1.9.8 and later were checked and are not vulnerable.