CVE-2006-3528
published 2006-07-12
CVE-2006-3528: Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL…
Priority P3 · 38 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.55% (87.9th percentile)
Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jan_de_graaff | com_simpleboard | <= 1.0.1 | — |
| jan_de_graaff | com_simpleboard | — | — |
| jan_de_graaff | com_simpleboard | — | — |
| jan_de_graaff | com_simpleboard | — | — |
| jan_de_graaff | com_simpleboard | — | — |
| joomlaboard | joomlaboard | <= 1.1.1 | — |
| mamboxchange | simpleboard | <= 1.1.0 | — |
GHSA
GHSA-jp39-57p8-4mrp: Unrestricted file upload vulnerability in image_upload
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2008-6814 [MEDIUM] CWE-20 GHSA-jp39-57p8-4mrp: Unrestricted file upload vulnerability in image_upload
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
GHSA
GHSA-4gp7-fj67-x927: Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1
ghsa_unreviewed·2022-05-01
CVE-2006-3528 [MEDIUM] CWE-94 GHSA-4gp7-fj67-x927: Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1
Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php.
GHSA
GHSA-45p2-wvwv-xfr9: Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2006-5043 [MEDIUM] CWE-94 GHSA-45p2-wvwv-xfr9: Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=115876919804966&w=2
http://secunia.com/advisories/20981
http://securitytracker.com/id?1016824
http://www.osvdb.org/27421
http://www.osvdb.org/28531
http://www.securityfocus.com/archive/1/445716/100/0/threaded
http://www.securityfocus.com/bid/18917
http://www.vupen.com/english/advisories/2006/2716
https://www.exploit-db.com/exploits/1994
Published 2006-07-12