CVE-2006-3208

Published: Jun 24, 2006Modified: Apr 16, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.

Affected (4)

Products: Ultimate Php Board: Ultimate Php Board

Ultimate Php Board

1 product

Ultimate Php Board

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ultimate Php Board Ultimate Php Board	Version 1.8.2
Ultimate Php Board Ultimate Php Board	Version 1.8
Ultimate Php Board Ultimate Php Board	Version 1.9.6
Ultimate Php Board Ultimate Php Board	Version 1.9

References (6)

http://securityreason.com/securityalert/1138

Source: cve@mitre.org

http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt

Source: cve@mitre.org

ExploitURL Repurposed

http://www.securityfocus.com/archive/1/437875/100/0/threaded

Source: cve@mitre.org

http://securityreason.com/securityalert/1138

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitURL Repurposed

http://www.securityfocus.com/archive/1/437875/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.