Ultimate PHP Board Multiple Admin Script Configuration Field Arbitrary PHP Code Execution

2006-06-20T23:16:00
ID OSVDB:27583
Type osvdb
Reporter OSVDB
Modified 2006-06-20T23:16:00

Description

Technical Description

An attacker must supply valid administrative authentication credentials in order to exploit this vulnerability. This can also be exploited by gaining increased privileges via one of the other vulnerabilities in Ultimate PHP Board that do not require authentication.

References:

Vendor URL: http://forum.myupb.com/ Related OSVDB ID: 27578 Related OSVDB ID: 27582 Related OSVDB ID: 27581 Related OSVDB ID: 27579 Related OSVDB ID: 27580 Other Advisory URL: http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0435.html CVE-2006-3208