MiniBB PathToFiles Parameter Remote File Include Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP script that is affected by a remote file include issue. Description: The remote web server is running MiniBB, an open source forum software. The version of MiniBB installed on the remote host fails to sanitize input to the 'pathToFiles' parameter before using it in the 'bb_func_txt.php' script. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker can exploit this issue to view arbitrary files and execute arbitrary code, possibly taken from third-party hosts, on the remote host.

Solution

Update to version 2.0.2a or later.

Severity

Classification

CVE CVE-2006-5673

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

12Planet Chat Server one2planet.infolet.InfoServlet XSS
Afian 'includer.php' Directory Traversal Vulnerability
Apache Rave User Information Disclosure Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
An Image Gallery Multiple Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities