3 matches found
CVE-2005-4135
CVE-2005-4135 affects SimpleBBS 1.1 and earlier. The vulnerability is a direct static code injection in includes/newtopic.php that allows remote code execution via shell metacharacters in the Host header (potentially the name parameter or variable), which is then written to data/topics.php. This ...
CVE-2006-1800
CVE-2006-1800 affects SimpleBBS 1.0.6–1.1, where a directory-traversal flaw in posts.php allows remote attackers to include and execute arbitrary files. The root cause is directory traversal via ".." sequences in the language cookie, demonstrated by injecting code into the gl_session cookie of us...
CVE-2005-4027
CVE-2005-4027 affects SimpleBBS 1.1. The issue is a SQL injection vulnerability reported to allow remote attackers to execute arbitrary SQL commands via unspecified search module parameters. The provided sources list a CVSS2 base score of 7.5 (HIGH) with network attack vector, low complexity, and...