| VID | 210009 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | miniBB, a freely available forum management system written in PHP, is vulnerable to a remote file include vulnerability via the 'pathToFiles' parameter. miniBB version 2.0.2 and earlier versions are affected; the flaw is caused by improper validation of user-supplied input passed to the 'pathToFiles' parameter of the 'bb_func_txt.php' script. If register_globals is enabled, a remote attacker could send a specially crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References: http://www.milw0rm.com/exploits/2655 http://secunia.com/advisories/22596/
* Platforms Affected: Paul Puzyrev and Sergei Larionov, miniBB version 2.0.2 and earlier versions; Any operating system, Any version |
| Recommendation | Upgrade to the latest version of miniBB (2.0.2a or later), available from the miniBB Download Web site at http://www.minibb.net/download.html |
| Related URL | CVE-2006-5673 (CVE) |
| Related URL | 20757 (SecurityFocus) |
| Related URL | 29831 (ISS) |
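
A defender's check for the request pattern described above, as an added example that is not part of the original advisory or of miniBB: it scans web server access log lines for requests that supply 'pathToFiles' to 'bb_func_txt.php'. The Combined Log Format, the function name and the sample lines (constructed) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: access logs are in Apache Common/Combined Log Format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A value that starts with a URL scheme points the include at a non-local source.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*:", re.IGNORECASE)

SCRIPT = "bb_func_txt.php"  # script named in the advisory
PARAM = "pathToFiles"       # parameter named in the advisory


def find_pathtofiles_requests(lines):
    """Return one finding per request that supplies pathToFiles to bb_func_txt.php.

    Assumption: the application sets this variable itself, so any client-supplied
    value is worth reviewing. Access logs show only the query string; values sent
    by POST or cookie need other logging.
    """
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        if target.path.rsplit("/", 1)[-1].lower() != SCRIPT:
            continue
        # parse_qsl percent-decodes, so URL-encoded values are compared in clear.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == PARAM:
                findings.append({"ip": m["ip"], "status": int(m["status"]),
                                 "value": value,
                                 "remote": bool(SCHEME_RE.match(value))})
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [12/Nov/2006:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 8123',
    '203.0.113.7 - - [12/Nov/2006:10:01:22 +0000] "GET /forum/bb_func_txt.php?pathToFiles=http%3A%2F%2Ffiles.example.invalid%2Fa.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Nov/2006:10:02:40 +0000] "GET /forum/bb_func_txt.php?pathToFiles=./ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in find_pathtofiles_requests(SAMPLE_LOG):
        print(hit)
```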