CVE-2006-3798
DeluxeBB 1.07 and earlier exposes a vulnerability where a remote attacker can set the COOKIE data to overwrite the internal variables _GET, _POST, _ENV, and _SERVER during an extract function call, resulting in pollution of the global namespace and potentially multiple security vulnerabilities. A...