CVE-2006-6568

Name of the Vulnerable Software and Affected Versions mxBB Knowledge Base (mx kb) module version 2.0.2

Description The issue allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter, potentially leading to directory traversal attacks. This could enable attackers to access sensitive files or execute malicious code.

Recommendations For version 2.0.2, consider restricting access to the includes/kb constants.php file until a patch is available. As a temporary workaround, avoid using the phpEx parameter in the affected module until the issue is resolved.