PT-2008-3393 · Exbb · Exbb Italia

The:Paradox · Published 2008-04-17 · Updated 2017-09-29 · CVE-2008-1862

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ExBB Italia versions 0.22 and earlier

Description: The issue allows remote attackers to bypass a check by using vectors other than GET requests with QUERY_STRING, specifically via (1) POST or (2) COOKIE variables. This can be leveraged to conduct PHP remote file inclusion attacks by manipulating the new_exbb[home_path] or exbb[home_path] parameter in the "modules/threadstop/threadstop.php" endpoint.

Recommendations: For ExBB Italia versions 0.22 and earlier, as a temporary workaround, consider restricting access to the modules/threadstop/threadstop.php endpoint to minimize the risk of exploitation. Avoid using the new_exbb[home_path] and exbb[home_path] parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

RCE

Weakness Enumeration

Related identifiers

CVE-2008-1862

Affected products

Exbb Italia