CVE-2000-0332

UltraBoard 1.6 - Unauthenticated Arbitrary File Read via Null Byte in Pathname

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0332. PoCs published by Rudi Carell.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in UltraBoard 1.6 by using '../' and a null byte to access arbitrary files on the server. The attack is executed via a crafted URL query parameter.

Description

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rudi Carell · textremotecgi

https://www.exploit-db.com/exploits/19890

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in UltraBoard 1.6 by using '../' and a null byte to access arbitrary files on the server. The attack is executed via a crafted URL query parameter.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: UltraBoard 1.6 (and possibly all 1.x versions)

No auth needed

Prerequisites: Knowledge of the target file's relative path from the webroot

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/4065

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/1309

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail%40hotmail.com

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1164

Scores

EPSS 0.0326

EPSS Percentile 86.8%

Details

Status published

Products (1)

ultrascripts/ultraboard 1.6

Published May 03, 2000

Tracked Since Feb 18, 2026