| Field | Value |
|---|---|
| VID | 21991 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |

Detailed Description

The UBB.threads software is vulnerable to a command injection vulnerability in the 'admin/doeditconfig.php' script. UBB.Threads is a bulletin board system written in PHP. UBB.Threads version 6.5.1.1 and possibly other versions are vulnerable to a command injection vulnerability caused by improper validation of user-supplied input passed to the 'thispath' and 'config' parameters of the 'admin/doeditconfig.php' script. If 'register_globals' is enabled, a remote attacker could send a specially crafted URL request, which could allow the remote attacker to modify configuration settings and inject arbitrary PHP code on the affected host.

* References:
  * http://www.securityfocus.com/archive/1/archive/1/447359/100/0/threaded
  * http://archives.neohapsis.com/archives/bugtraq/2006-09/0495.html
  * http://milw0rm.com/exploits/2457
* Platforms Affected: Groupee, Inc. UBB.threads versions 6.5.1.1 and possibly other versions; any operating system, any version

Recommendation

Upgrade to the latest version of UBB.threads (6.5.5 or later), available from the ubbcentral Web site at http://www.ubbcentral.com/ubbthreads/

As a workaround, disable PHP's 'register_globals' setting.

Related URLs

| Source | Identifier |
|---|---|
| CVE | CVE-2006-5136 |
| SecurityFocus | 20266 |
| ISS | 29274 |