CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-1800

Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.058

EPSS Ranking 90.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl
http://www.securityfocus.com/archive/1/430872
http://www.securityfocus.com/bid/17501
http://www.worlddefacers.de/Public/WD-SMPL.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/25788
http://downloads.securityfocus.com/vulnerabilities/exploits/SimpleBBS-RCE-posts.php.pl
http://www.securityfocus.com/archive/1/430872
http://www.securityfocus.com/bid/17501
http://www.worlddefacers.de/Public/WD-SMPL.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/25788

Products affected by CVE-2006-1800

Simplemedia » Simplebbs » Version: 1.0.6

cpe:2.3:a:simplemedia:simplebbs:1.0.6
Simplemedia » Simplebbs » Version: 1.0.7

cpe:2.3:a:simplemedia:simplebbs:1.0.7
Simplemedia » Simplebbs » Version: 1.1

cpe:2.3:a:simplemedia:simplebbs:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1800

Products

Pricing

Contact Us