CVE-2006-6567

Name of the Vulnerable Software and Affected Versions mxBB Knowledge Base (mx kb) module version 2.0.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the module root path parameter. This is a result of a PHP remote file inclusion vulnerability in the includes/kb constants.php file of the Knowledge Base module for mxBB.

Recommendations For version 2.0.2, as a temporary workaround, consider restricting access to the includes/kb constants.php file until a patch is available. Avoid using the module root path parameter in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.