CVE-2006-2914

DeluxeBB 1.06 - Remote File Inclusion via Templatefolder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2914. PoCs published by Andreas Sandblad.

AI-analyzed exploit summary: The code describes a local file inclusion (LFI) vulnerability in DeluxeBB due to improper verification of the 'templatefolder' parameter. It provides examples of exploitable URLs but does not include executable exploit code.

Description

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, and (3) pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Andreas Sandblad · text · webapps · php
https://www.exploit-db.com/exploits/1916

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: DeluxeBB (version not specified)
Authentication: No auth needed
Prerequisites: Access to the vulnerable DeluxeBB instance
devstral-2 · analyzed Feb 16, 2026

References (15)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438597/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26460
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27090
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18455
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20152
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016309
Exploit, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2006-44/advisory
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2347
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26463
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26462
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437228/100/100/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1134
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26459
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26461
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26458

Scores

EPSS 0.2030
EPSS Percentile 97.1%

Details

Status published
Products (1)
deluxebb/deluxebb 1.06
Published Jun 23, 2006
Tracked Since Feb 18, 2026