PT-2007-3650 · Unknown · Minibb Forum

Cold Zero · Published 2007-04-26 · Updated 2017-10-11 · CVE-2007-2317

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MiniBB Forum versions 1.5a and earlier

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in certain components or configuration.php. This can be exploited through different vectors, including components/minibb/ or components/com_minibb.

Recommendations

For MiniBB Forum versions 1.5a and earlier, consider disabling access to bb_plugins.php in components/minibb/ and components/com_minibb, and restrict modifications to configuration.php until a fix is available. Avoid using the absolute_path parameter in the affected API endpoints until the issue is resolved.


Related identifiers

CVE-2007-2317

Affected products

Minibb Forum