PT-2006-5011 · Apache+1 · Apache Http Server+1

Rgod · Published 2006-08-17 · Updated 2021-04-29 · CVE-2006-4191

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

XMB (Extreme Message Board) versions 1.9.6 and earlier

Description

A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using directory traversal sequences in the langfilenew parameter. Attackers can inject PHP sequences into an Apache HTTP Server log file, which is then included by header.php.

Recommendations

For XMB (Extreme Message Board) versions 1.9.6 and earlier, as a temporary workaround, consider restricting access to the memcp.php file and the langfilenew parameter to minimize the risk of exploitation. Avoid using the langfilenew parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
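
Added example (not part of the original advisory and not XMB or Apache code): a log triage script that flags the two conditions the description names, PHP sequences written into an Apache access log and traversal sequences in a langfilenew value. It assumes Apache access-log lines and that langfilenew is visible in the logged request line (a value sent in a request body would not be logged); the sample lines and the `/forum/` path are constructed.

```python
import re
from urllib.parse import unquote

PHP_TAG = re.compile(r"<\?(?:php|=)", re.IGNORECASE)       # PHP open tags
LANG_PARAM = re.compile(r'[?&]langfilenew=([^&\s"]*)', re.IGNORECASE)
TRAVERSAL = re.compile(r"\.\.[/\\]|\x00")                   # ../ ..\ or NUL

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of findings for one access-log line."""
    findings = set()
    # Any logged field (request, referer, user-agent) can carry a PHP tag.
    if PHP_TAG.search(fully_decode(line)):
        findings.add("php-tag-in-log")
    # Assumption: langfilenew appears in the logged query string.
    match = LANG_PARAM.search(line)
    if match and TRAVERSAL.search(fully_decode(match.group(1))):
        findings.add("langfilenew-traversal")
    return findings

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    results = {}
    for number, line in enumerate(lines, 1):
        findings = classify(line)
        if findings:
            results[number] = findings
    return results

# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Aug/2006:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [17/Aug/2006:10:00:07 +0000] "GET /forum/ HTTP/1.1" 200 5120 "-" "<?php echo 1; ?>"',
    '192.0.2.44 - - [17/Aug/2006:10:00:09 +0000] "GET /forum/memcp.php?langfilenew=..%2F..%2Fexample HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [17/Aug/2006:10:00:12 +0000] "GET /forum/memcp.php?langfilenew=%252e%252e%252fexample HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [17/Aug/2006:10:01:30 +0000] "GET /forum/memcp.php?langfilenew=English HTTP/1.1" 200 4301 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG).items():
        print(number, sorted(findings))
```

A hit on either rule is a reason to review the host and restrict memcp.php as recommended above; a clean log does not rule out requests that carried the parameter outside the query string.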


Related Identifiers

CVE-2006-4191

Affected Products

Apache Http Server
Xmb