CVE-2006-1800

Name of the Vulnerable Software and Affected Versions SimpleBBS versions 1.0.6 through 1.1

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary files via ".." sequences in the language cookie. This can be demonstrated by injecting code into the gl session cookie of users.php, which is stored in error.log.

Recommendations For SimpleBBS versions 1.0.6 through 1.1, as a temporary workaround, consider restricting access to the language cookie and the gl session cookie in users.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.