Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Minibb
  • Forum

Configuration 1 [-]

cpe:2.3:a:minibb:forum:1.5a:*:*:*:*:*:*:*

No data.

References
Link Providers
http://advisories.echo.or.id/adv/adv39-matdhule-2006.txt cve-icon cve-icon
http://securityreason.com/securityalert/1245 cve-icon cve-icon
http://securitytracker.com/id?1016507 cve-icon cve-icon
http://www.osvdb.org/28594 cve-icon cve-icon
http://www.securityfocus.com/archive/1/440132/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/18998 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/27749 cve-icon cve-icon
https://www.exploit-db.com/exploits/2030 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-18T21:00:00

Updated: 2024-08-07T18:39:53.575Z

Reserved: 2006-07-18T00:00:00

Link: CVE-2006-3690

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-07-21T14:03:00.000

Modified: 2024-11-21T00:14:11.730

Link: CVE-2006-3690

cve-icon Redhat

No data.