CVE-2006-3207

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board (UPB) versions 1.9.6 and earlier

Description The issue allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter. This can be demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling "close.php" with modified id and t id parameters to chmod the script.

Recommendations For Ultimate PHP Board (UPB) versions 1.9.6 and earlier, consider restricting access to the newpost.php file and the close.php file until a patch is available. As a temporary workaround, avoid using the id parameter in the affected API endpoint and restrict the use of the message parameter to prevent injection of malicious scripts.