CVE-2006-1800

Опубликовано: 18 апр. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.

Ссылки

http://downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl
Exploit
http://www.securityfocus.com/archive/1/430872
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/17501
Exploit
http://www.worlddefacers.de/Public/WD-SMPL.txt
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25788
http://downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl
Exploit
http://www.securityfocus.com/archive/1/430872
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/17501
Exploit
http://www.worlddefacers.de/Public/WD-SMPL.txt
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25788

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:simplemedia:simplebbs:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:simplemedia:simplebbs:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05778

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7x3w-gm8r-m55v

github

почти 4 года назад