Vulnerabilities > CVE-2006-5511 - Unspecified vulnerability in Jaxultrabb 2.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN jaxultrabb
exploit available
Summary
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | JaxUltraBB <= 2.0 (delete.php) Remote Auto Deface Exploit. CVE-2006-5511. Webapps exploit for php platform |
| file | exploits/php/webapps/2616.php |
| id | EDB-ID:2616 |
| last seen | 2016-01-31 |
| modified | 2006-10-22 |
| platform | php |
| port | |
| published | 2006-10-22 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2616/ |
| title | JaxUltraBB <= 2.0 delete.php Remote Auto Deface Exploit |
| type | webapps |
References
- http://attrition.org/pipermail/vim/2006-October/001095.html
- http://attrition.org/pipermail/vim/2006-October/001095.html
- http://www.securityfocus.com/bid/20679
- http://www.securityfocus.com/bid/20679
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29711
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29711
- https://www.exploit-db.com/exploits/2616
- https://www.exploit-db.com/exploits/2616