PT-2006-5351 · Apache+1 · Apache Http Server+1
Rgod · Published 2006-09-06 · Updated 2024-01-26 · CVE-2006-4558
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
DeluxeBB versions 1.06 and earlier
Description
The issue allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php, specifically when run on the Apache HTTP Server with the mod_mime module.
Recommendations
For DeluxeBB versions 1.06 and earlier, consider restricting access to the newpost.php file or disabling the file upload functionality via the fileupload parameter until a fix is available. Additionally, restricting the use of double extensions in file uploads can help mitigate the risk of exploitation.
Exploit
Fix
RCE
Unrestricted File Upload
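The double-extension restriction recommended above, sketched as an added PHP example; it is not DeluxeBB code, and the function name safe_upload_name and the extension allow-list are assumptions. It refuses every name with more than one extension, because mod_mime can act on any dot-separated segment of a file name, not only the last.

```php
<?php
// Added example, not DeluxeBB code. The function name and allow-list are assumptions.

// Extensions the forum is willing to store (assumed policy).
const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'txt', 'pdf', 'zip'];

/**
 * Returns a safe stored name for an uploaded file, or null if the original
 * name must be rejected.
 */
function safe_upload_name(string $originalName): ?string
{
    // Drop any client-supplied path components (both separator styles).
    $name = basename(str_replace('\\', '/', $originalName));

    // Reject empty names, control characters and NUL bytes outright.
    if ($name === '' || preg_match('/[\x00-\x1f\x7f]/', $name)) {
        return null;
    }

    // Require exactly "base.ext": dot-files, trailing dots and names with
    // two or more extensions are all refused.
    $segments = explode('.', $name);
    if (count($segments) !== 2 || $segments[0] === '' || $segments[1] === '') {
        return null;
    }

    // The single extension must be on the allow-list (case-insensitive).
    $ext = strtolower($segments[1]);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Store under a server-generated name so no client text reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs.
foreach (['photo.jpg', 'notes.php.txt', 'page.PHP', '.htaccess', 'a.jpg.', '../x.png'] as $n) {
    printf("%-14s => %s\n", $n, safe_upload_name($n) === null ? 'rejected' : 'accepted');
}
```

Only photo.jpg and ../x.png (stored as a random name with the .png extension) are accepted; the other four sample names are rejected.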
Affected Products
Apache HTTP Server
DeluxeBB