CVE-2006-5137

🗓️ 02 Oct 2006 20:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 286 Views🌐 WEB

CVE-2006-5137: Code injection in Groupee UBB.threads 6.5.1.

Reporter	Title	Published	Views	Family All 5
Tenable Nessus	UBB.threads < 6.5.2 Beta 2 XSS / SQL Injection	24 Jun 200500:00	–	nessus
Tenable Nessus	UBB.threads doeditconfig Arbitrary Command Injection	30 Sep 200600:00	–	nessus
Cvelist	CVE-2006-5137	2 Oct 200620:00	–	cvelist
EUVD	EUVD-2006-5122	7 Oct 202500:30	–	euvd
NVD	CVE-2006-5137	3 Oct 200604:03	–	nvd

NVD

Node

ubbcentral ubb.threadsMatch6.5.1.1

Source	Link
securityreason	www.securityreason.com/securityalert/1676
securityfocus	www.securityfocus.com/bid/20266
securityfocus	www.securityfocus.com/archive/1/447359/100/0/threaded
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/29274

Parameter	Position	Path	Description	CWE
theme[]	request body	admin/doedittheme.php	PHP code injection via theme[] parameter.
config[]	request body	admin/doeditconfig.php	PHP code injection via config[] parameter.
config[path]	request body	admin/doeditconfig.php	Injection of a URL in config[path] which can be used to execute code via dorateuser.php or calendar.php.
<URL from config[path]>	nested	dorateuser.php	Code execution triggered by loading a URL specified in config[path].
<URL from config[path]>	nested	calendar.php	Code execution triggered by loading a URL specified in config[path].

23 Apr 2026 00:35Current

7.6High risk

Vulners AI Score7.6

CVSS 25.1

EPSS0.03174

cve code injection groupee ubb.threads security vulnerability remote attack