CVE-2006-6790

Ultimate PHP Board <2.0b1 - Code Injection

Title source: llm

Description

Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nuffsaid · perlwebappsphp

https://www.exploit-db.com/exploits/2999

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21760

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/data/vulnerabilities/exploits/21760.pl

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/5181

Scores

EPSS 0.0336

EPSS Percentile 87.4%

Details

Status published

Products (1)

ultimate_php_board/ultimate_php_board < 2.0_beta_1

Published Dec 28, 2006

Tracked Since Feb 18, 2026