CVE-2006-3208

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board (UPB) versions 1.9.6 and earlier

Description The issue allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified configuration fields in admin chatconfig.php, admin configcss.php, admin config.php, or admin config2.php, which are stored as configuration settings. This can be exploited by remote attackers by leveraging other vulnerabilities in UPB.

Recommendations For Ultimate PHP Board (UPB) versions 1.9.6 and earlier, consider restricting access to the configuration fields in the affected files until a patch is available. As a temporary workaround, limit the privileges of administrators to minimize the risk of exploitation.