Description
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by euronymous · textwebappsphp
https://www.exploit-db.com/exploits/22642
References (2)
Core 2
Core References
Broken Link x_refsource_misc
http://f0kp.iplus.ru/bz/024.en.txt
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105379741528925&w=2
Scores
EPSS
0.0748
EPSS Percentile
91.8%
Details
CWE
CWE-94
Status
published
Products (1)
myupb/ultimate_php_board
1.9
Published
Jul 02, 2003
Tracked Since
Feb 18, 2026