CVE-2006-2675

ubb.threads < 6.5.3 - Remote File Inclusion via thispath or configdir Parameters

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2675.

AI-analyzed exploit summary This exploit demonstrates multiple file inclusion vulnerabilities in UBBThreads 5.x and 6.x, allowing remote file inclusion (RFI) and local file inclusion (LFI) via manipulated GET parameters. It also includes an XSS vector through the 'debug' parameter.

Description

PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/1843

View Code ZIP pw:eip

This exploit demonstrates multiple file inclusion vulnerabilities in UBBThreads 5.x and 6.x, allowing remote file inclusion (RFI) and local file inclusion (LFI) via manipulated GET parameters. It also includes an XSS vector through the 'debug' parameter.

Classification

Working Poc 95%

Attack Type

Rce | Info Leak | Xss

Complexity

Trivial

Reliability

Reliable

Target: UBBThreads 5.x, 6.x

No auth needed

Prerequisites: register_globals enabled · PHP version < 4.1.0 for some vectors

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/985

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26866

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/435288/100/0/threaded

Scores

EPSS 0.0247

EPSS Percentile 82.4%

Details

Status published

Products (27)

ubbcentral/ubb.threads 3.4

ubbcentral/ubb.threads 3.5

ubbcentral/ubb.threads 5.0

ubbcentral/ubb.threads 5.5.1

ubbcentral/ubb.threads 6.0

ubbcentral/ubb.threads 6.0.1

ubbcentral/ubb.threads 6.0.2

ubbcentral/ubb.threads 6.0.3

ubbcentral/ubb.threads 6.1

ubbcentral/ubb.threads 6.1.1

... and 17 more

Published May 30, 2006

Tracked Since Feb 18, 2026