Vulnerability CVE-2006-5511


Published: 2006-10-25   Modified: 2012-02-12

Description:
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10

Exploit range: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
Jaxultrabb -> Jaxultrabb

 References:
http://attrition.org/pipermail/vim/2006-October/001095.html
http://www.securityfocus.com/bid/20679
https://exchange.xforce.ibmcloud.com/vulnerabilities/29711
https://www.exploit-db.com/exploits/2616

Copyright 2024, cxsecurity.com

 
