CVE-2006-4631
CVE-2006-4631
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/2300unverifiedexploitdbwww.exploit-db.com/exploits/28488unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://acid-root.new.fr/advisories/10060904.txthttp://secunia.com/advisories/21761http://securityreason.com/securityalert/1521http://securitytracker.com/id?1016785https://exchange.xforce.ibmcloud.com/vulnerabilities/28749https://www.exploit-db.com/exploits/2300http://www.osvdb.org/28579http://www.securityfocus.com/archive/1/445087/100/0/threadedhttp://www.vupen.com/english/advisories/2006/3478