CVE-2006-6633

YapBB <1.2 Beta2 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2594

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/20615

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29667

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2594

Scores

EPSS 0.0534

EPSS Percentile 89.9%

Classification

Status draft

Affected Products (3)

yapbb/yapbb < 1.2_beta2

yapbb/yapbb

Timeline

Published Dec 18, 2006

Tracked Since Feb 18, 2026