Vulnerabilities > CVE-2006-5511 - HTML Injection vulnerability in Jaxultrabb 2.0

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

jaxultrabb

exploit available

NVD

Published: 2006-10-25

Updated: 2017-10-19

Summary

Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.

Vulnerable Configurations

Part	Description	Count
Application	Jaxultrabb Jaxultrabb Jaxultrabb 2.0	1

Exploit-Db

description	JaxUltraBB <= 2.0 (delete.php) Remote Auto Deface Exploit. CVE-2006-5511. Webapps exploit for php platform
file	exploits/php/webapps/2616.php
id	EDB-ID:2616
last seen	2016-01-31
modified	2006-10-22
platform	php
port
published	2006-10-22
reporter	Kacper
source	https://www.exploit-db.com/download/2616/
title	JaxUltraBB <= 2.0 delete.php Remote Auto Deface Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References