CVE-2006-6790

Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board (UPB) versions 2.0b1 and earlier

Description: A direct static code injection issue exists, allowing remote attackers to inject arbitrary PHP code via the username parameter in the chat/login.php file. This injected code is then executed in chat/text.php.

Recommendations: For Ultimate PHP Board (UPB) versions 2.0b1 and earlier, consider disabling the chat functionality until a patch is available to prevent exploitation of the username parameter in chat/login.php. Restrict access to chat/text.php to minimize the risk of arbitrary PHP code execution. Avoid using the username parameter in the affected login functionality until the issue is resolved.