PT-2005-4834 · Simplebbs · Simplebbs

Published 2005-12-09 · Updated 2018-10-19 · CVE-2005-4135

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SimpleBBS versions 1.1 and earlier

Description

A direct static code injection issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters in the Host header, possibly through the name parameter or variable, which is then written to data/topics.php.

Recommendations

For SimpleBBS versions 1.1 and earlier, consider restricting access to the includes/newtopic.php file until a patch is available. As a temporary workaround, avoid using the name parameter or variable in the affected API endpoint, and restrict the use of shell metacharacters in the Host header to minimize the risk of exploitation.

Related Identifiers

CVE-2005-4135

Affected Products

Simplebbs