Vulnerability Report

CVE-2006-3955

Title: Minibb

Other

Proof Of Concept

PoC Available for CVE-2006-3955

CWE Category NVD-CWE-noinfo
Published Date Aug 01, 2006
Modified Date Apr 03, 2025
Exploit Status Available
Score 7.5 CVSS v2.0
Exploit Probability (EPSS)
8.01%

Vulnerability Summary

CVE-2006-3955: Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.

Impacted Vendors

M
minibb 1

Reference Links

http://securityreason.com/securityalert/1315 http://securitytracker.com/id?1016557 http://securitytracker.com/id?1016558 http://www.osvdb.org/28674 http://www.osvdb.org/28675 http://www.osvdb.org/28676 http://www.securityfocus.com/archive/1/440839/100/100/threaded http://www.securityfocus.com/archive/1/440875/100/100/threaded http://www.securityfocus.com/bid/19095 https://exchange.xforce.ibmcloud.com/vulnerabilities/27905 http://securityreason.com/securityalert/1315 http://securitytracker.com/id?1016557 http://securitytracker.com/id?1016558 http://www.osvdb.org/28674 http://www.osvdb.org/28675 http://www.osvdb.org/28676 http://www.securityfocus.com/archive/1/440839/100/100/threaded http://www.securityfocus.com/archive/1/440875/100/100/threaded http://www.securityfocus.com/bid/19095 https://exchange.xforce.ibmcloud.com/vulnerabilities/27905
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2006-3955 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/28251
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.