PT-2006-3659 · Tinybb · Tinybb
Mustafa Can Bjorn Ipekci
+1
·
Published
2006-06-01
·
Updated
2018-10-18
·
CVE-2006-2739
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
tinyBB version 0.3
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
tinybb footers parameter when register globals is enabled. This is a result of a remote file inclusion vulnerability in the footers.php file.Recommendations
For tinyBB version 0.3, consider disabling the
register globals setting to prevent exploitation until a patch is available. Additionally, restrict access to the footers.php file to minimize the risk of arbitrary PHP code execution.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tinybb