CVE-2006-2914

DeluxeBB 1.06 - RCE

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Andreas Sandblad · textwebappsphp
https://www.exploit-db.com/exploits/1916

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438597/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26460
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27090
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18455
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20152
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016309
Exploit, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2006-44/advisory
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2347
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26463
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26462
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437228/100/100/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1134
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26459
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26461
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/26458

Scores

EPSS 0.0776
EPSS Percentile 92.0%

Details

Status published
Products (1)
deluxebb/deluxebb 1.06
Published Jun 23, 2006
Tracked Since Feb 18, 2026