Vulnerabilities > CVE-2006-7169 - Remote File Include vulnerability in Ultimate PHP Board Header_simple.PHP

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
ultimate-php-board
exploit available
NVD
Published: 2007-03-20
Updated: 2017-10-11

Summary

PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.

Vulnerable Configurations

Part Description Count
Application
Ultimate_Php_Board
1

Exploit-Db

descriptionUltimate PHP Board <= 2.0 (header_simple.php) File Include Exploit. CVE-2006-7169. Webapps exploit for php platform
fileexploits/php/webapps/2721.php
idEDB-ID:2721
last seen2016-01-31
modified2006-11-05
platformphp
port
published2006-11-05
reporterKacper
sourcehttps://www.exploit-db.com/download/2721/
titleUltimate PHP Board <= 2.0 - header_simple.php File Include Exploit
typewebapps

References