CVE-2006-3475

EPSS 8.0%

Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998.

Affected products

n/a · n/a

public PoCs found — 7

exploitdbwww.exploit-db.com/exploits/28151unverified exploitdbwww.exploit-db.com/exploits/28152unverified exploitdbwww.exploit-db.com/exploits/28153unverified exploitdbwww.exploit-db.com/exploits/28154unverified exploitdbwww.exploit-db.com/exploits/28155unverified exploitdbwww.exploit-db.com/exploits/28156unverified exploitdbwww.exploit-db.com/exploits/28150unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/1233 http://securitytracker.com/id?1016433 https://exchange.xforce.ibmcloud.com/vulnerabilities/27040 http://www.osvdb.org/28059 http://www.osvdb.org/28060 http://www.osvdb.org/28061 http://www.osvdb.org/28062 http://www.osvdb.org/28063 http://www.osvdb.org/28064 http://www.osvdb.org/28065 http://www.securityfocus.com/archive/1/438951/100/0/threaded http://www.securityfocus.com/archive/1/453293/100/0/threaded