Vulnerabilities > CVE-2006-5511 - HTML Injection vulnerability in Jaxultrabb 2.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | JaxUltraBB <= 2.0 (delete.php) Remote Auto Deface Exploit. CVE-2006-5511. Webapps exploit for php platform |
file | exploits/php/webapps/2616.php |
id | EDB-ID:2616 |
last seen | 2016-01-31 |
modified | 2006-10-22 |
platform | php |
port | |
published | 2006-10-22 |
reporter | Kacper |
source | https://www.exploit-db.com/download/2616/ |
title | JaxUltraBB <= 2.0 delete.php Remote Auto Deface Exploit |
type | webapps |