CVE-2006-2914

Name of the Vulnerable Software and Affected Versions DeluxeBB version 1.06

Description The issue allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to various PHP files, including 'postreply.php', 'posting.php', and 'pm/newpm.php' in both the 'deluxe/' and 'default/' directories.

Recommendations For DeluxeBB version 1.06, as a temporary workaround, consider restricting access to the templatefolder parameter in the affected PHP files until a patch is available. Avoid using the templatefolder parameter in the affected API endpoints, such as 'postreply.php', 'posting.php', and 'pm/newpm.php', until the issue is resolved.