CVE-2005-4135

Published: Dec 9, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.

Affected (3)

Products: Simplemedia: Simplebbs

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Simplemedia Simplebbs	Version 1.0.6
Simplemedia Simplebbs	Version 1.0.7
Simplemedia Simplebbs	Version 1.1

References (10)

http://secunia.com/advisories/17949

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1015323

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/418838/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/15764

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2005/2807

Source: cve@mitre.org

http://secunia.com/advisories/17949

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1015323

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/418838/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15764

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2005/2807

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.