Vulnerabilities > CVE-2006-6568 - File Include vulnerability in Mxbb KB Mods 2.0.2

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
mxbb
critical
exploit available
NVD
Published: 2006-12-15
Updated: 2017-10-19

Summary

Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.

Vulnerable Configurations

Part Description Count
Application
Mxbb
1

Exploit-Db

descriptionmxBB Module kb_mods <= 2.0.2 Remote Inclusion Vulnerabilities. CVE-2006-6567,CVE-2006-6568. Webapps exploit for php platform
fileexploits/php/webapps/2924.txt
idEDB-ID:2924
last seen2016-01-31
modified2006-12-12
platformphp
port
published2006-12-12
reporter3l3ctric-Cracker
sourcehttps://www.exploit-db.com/download/2924/
titlemxBB Module kb_mods <= 2.0.2 - Remote Inclusion Vulnerabilities
typewebapps

References