CVE-2009-1948
Unclassified NewsBoard 1.6.4 - Path Traversal and Arbitrary File Read via GLOBALS Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-1948. PoCs published by girex.
AI-analyzed exploit summary
This exploit demonstrates multiple vulnerabilities in Unclassified NewsBoard 1.6.4, including SQL injection, log file disclosure, and local file inclusion leading to remote command execution. The PoC provides detailed technical analysis and proof-of-concept payloads for each vulnerability.
Description
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter.
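A detection sketch for the two request shapes described above, added here as an example and not taken from the advisory or the UNB project: it scans web access log lines for requests to forum.php whose query string sets a GLOBALS[...] parameter, and escalates when the value contains a ".." path segment. The log format (combined), the /unb/ install path, the sample lines and the verdict names are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by / or \ (or by the start/end of the value).
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def classify(url):
    """Return None, 'globals-override' or 'globals-traversal' for one request URL."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("forum.php"):
        return None
    verdict = None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # PHP variable names are case-sensitive, so match GLOBALS exactly.
        if not name.startswith("GLOBALS["):
            continue
        verdict = "globals-override"  # no legitimate client sets GLOBALS[...]
        # parse_qsl decoded once; decode again to catch double-encoded dots.
        if DOTDOT_RE.search(value) or DOTDOT_RE.search(unquote(value)):
            return "globals-traversal"
    return verdict

def scan(lines):
    """Yield (line_number, verdict) for every log line that matches."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        verdict = classify(m.group(1)) if m else None
        if verdict:
            yield n, verdict

# Constructed sample log lines: documentation-range addresses, invented paths.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2009:10:00:00 +0000] "GET /unb/forum.php?req=main HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jun/2009:10:00:05 +0000] "GET /unb/forum.php?GLOBALS[filename]=..%2F..%2Fexample.txt HTTP/1.1" 200 812',
    '192.0.2.66 - - [01/Jun/2009:10:00:09 +0000] "GET /unb/forum.php?GLOBALS%5BUTE%5D%5B__tplCollection%5D%5Ba%5D%5Bfile%5D=%252e%252e%252fexample HTTP/1.1" 200 97',
    '192.0.2.70 - - [01/Jun/2009:10:01:00 +0000] "GET /unb/forum.php?GLOBALS[x]=1 HTTP/1.1" 200 5120',
    '192.0.2.71 - - [01/Jun/2009:10:02:00 +0000] "GET /unb/forum.php?q=a..b HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

This only inspects query strings. With register_globals enabled the same parameter names can also arrive in POST bodies or cookies, which access logs usually do not record.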