3 matches found
Remote file inclusion
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERYSTRING for certain path manipulations, which allows remote attackers to bypass this check via 1 POST or 2 COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusi...
CVE-2006-4488
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbbhomepath parameter...
CVE-2006-4488
ExBB Italia