CVE-2006-5154

DeluxeBB <1.09 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0ut3r · textwebappsphp

https://www.exploit-db.com/exploits/28736

View Code ZIP pw:eip

References (6)

Core 6

Core References

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20292

Patch, URL Repurposed x_refsource_confirm

http://www.deluxebb.com/community/topic.php?tid=420

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/29371

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22176

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3857

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/29305

Scores

EPSS 0.1015

EPSS Percentile 93.1%

Details

Status published

Products (6)

deluxebb/deluxebb 1.0

deluxebb/deluxebb 1.05

deluxebb/deluxebb 1.06

deluxebb/deluxebb 1.07

deluxebb/deluxebb 1.08

deluxebb/deluxebb 1.09

Published Oct 05, 2006

Tracked Since Feb 18, 2026