ID: OSVDB:31276
Type: osvdb
Reporter: OSVDB
Modified: 2006-11-13T17:27:27
Description
Vulnerability Description
miniBB has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the index.php script not properly sanitizing user input supplied to the 'pathToFiles' variable. However, subsequent examination indicates that the variable is already set before an attacker can manipulate it.
Solution Description
The vulnerability reported is incorrect. No solution required.
Vendor URL: http://www.minibb.net/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0238.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0210.html
ISS X-Force ID: 30253
CVE-2006-7153