Vulnerability Details CVE-2006-5154
PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/22176
- http://www.deluxebb.com/community/topic.php?tid=420
- http://www.osvdb.org/29371
- http://www.securityfocus.com/bid/20292
- http://www.vupen.com/english/advisories/2006/3857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29305
- http://secunia.com/advisories/22176
- http://www.deluxebb.com/community/topic.php?tid=420
- http://www.osvdb.org/29371
- http://www.securityfocus.com/bid/20292
- http://www.vupen.com/english/advisories/2006/3857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29305
Products affected by CVE-2006-5154
-
cpe:2.3:a:deluxebb:deluxebb:1.0
-
cpe:2.3:a:deluxebb:deluxebb:1.05
-
cpe:2.3:a:deluxebb:deluxebb:1.06
-
cpe:2.3:a:deluxebb:deluxebb:1.07
-
cpe:2.3:a:deluxebb:deluxebb:1.08
-
cpe:2.3:a:deluxebb:deluxebb:1.09