CVE-2006-5511

Name of the Vulnerable Software and Affected Versions JaxUltraBB (JUBB) version 2.0

Description A direct static code injection issue exists due to the ability of remote attackers to inject arbitrary web script, HTML, or PHP code. This is achieved via the contents parameter, whose value is prepended to the file specified by the forum parameter, when register globals is enabled.

Recommendations For JaxUltraBB (JUBB) version 2.0, consider disabling the register globals setting to mitigate the risk of code injection. Additionally, restrict access to the delete.php file to minimize the risk of exploitation. Avoid using the contents parameter in the affected endpoint until the issue is resolved.