CVE-2006-4191 - Unspecified vulnerability in XMB Software Extreme Message Board
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | XMB <= 1.9.6 Final basename() Remote Command Execution Exploit. CVE-2006-4191. Webapps exploit for php platform |
file | exploits/php/webapps/2178.php |
id | EDB-ID:2178 |
last seen | 2016-01-31 |
modified | 2006-08-13 |
platform | php |
port | |
published | 2006-08-13 |
reporter | rgod |
source | https://www.exploit-db.com/download/2178/ |
title | XMB <= 1.9.6 Final basename Remote Command Execution Exploit |
type | webapps |
Statements
contributor | |
lastmodified | 2008-12-11 |
organization | XMB |
statement | XMB versions 1.9.8 and later were checked and are not vulnerable. |
References
- http://retrogod.altervista.org/xmb_196_sql.html
- http://www.securityfocus.com/bid/19501
- http://secunia.com/advisories/21293
- http://www.securityfocus.com/bid/19494
- http://securityreason.com/securityalert/1411
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28356
- https://www.exploit-db.com/exploits/2178
- http://www.securityfocus.com/archive/1/443167/100/0/threaded
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History