CVE-2006-4631 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-4631
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4631

Description: Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28749 ST 1016785 SREASON http://securityreason.com/securityalert/1521 SAID Secunia Advisory: SA21761 OSVDB 28579 MISC http://acid-root.new.fr/advisories/10060904.txt MILW0RM http://milw0rm.com/exploits/2300 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/445087/100/0/threaded

Return to the previous page.