PT-2006-4556 · Minibb · Minibb Forum

Ahmad Maulana +1 · Published 2006-07-18 · Updated 2018-10-18 · CVE-2006-3690

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MiniBB Forum versions 1.5a and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to API endpoints such as "components/com_minibb.php" or "components/minibb/index.php".

Recommendations: For MiniBB Forum versions 1.5a and earlier, consider restricting access to the components/com_minibb.php and components/minibb/index.php API endpoints until a patch is available. Avoid using the absolute_path parameter in these endpoints to minimize the risk of exploitation.


Related identifiers

CVE-2006-3690

Affected products

Minibb Forum