CVE-2006-5137
Groupee UBB.threads 6.5.1.1 - Code Injection
Title source: llmDescription
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by HACKERS PAL · phpwebappsphp
https://www.exploit-db.com/exploits/2457
References (4)
Scores
EPSS
0.0317
EPSS Percentile
86.7%
Classification
Status
draft
Affected Products (1)
ubbcentral/ubb.threads
Timeline
Published
Oct 03, 2006
Tracked Since
Feb 18, 2026