CVE-2006-5137

Groupee UBB.threads 6.5.1.1 - Code Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5137. PoCs published by HACKERS PAL.

AI-analyzed exploit summary: This exploit targets UBB.threads 6.5.1.1 by leveraging an input validation error to achieve remote command execution. It manipulates the 'config[path]' parameter to include a malicious file, enabling arbitrary command execution via 'calendar.php'.

Description

Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.

Exploits (1)

exploitdb WORKING POC VERIFIED
by HACKERS PAL · php · webapps · php
https://www.exploit-db.com/exploits/2457


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: UBB.threads 6.5.1.1
No auth needed
Prerequisites: Target running UBB.threads 6.5.1.1 · PHP with 'file_get_contents' or 'fopen' enabled · Remote file inclusion vulnerability present
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29274
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1676
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20266
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447359/100/0/threaded

Scores

EPSS 0.0206
EPSS Percentile 78.8%

Details

Status published
Products (1)
ubbcentral/ubb.threads 6.5.1.1
Published Oct 03, 2006
Tracked Since Feb 18, 2026