CVE-2006-3690
published 2006-07-21CVE-2006-3690: Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.77%
88.6th percentile
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| minibb | forum | — | — |
| minibb | minibb | <= 1.5a | — |
| tosmo_mambo | tosmo_mambo | <= 4.0.12 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vjc2-23hc-65cq: Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1
ghsa_unreviewed·2022-05-01
CVE-2006-3690 [HIGH] GHSA-vjc2-23hc-65cq: Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
GHSA
GHSA-fx6p-j7rc-gxcx: Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-2317 [HIGH] GHSA-fx6p-j7rc-gxcx: Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
No detection rules found.
No writeups or analysis indexed.
http://advisories.echo.or.id/adv/adv39-matdhule-2006.txthttp://securityreason.com/securityalert/1245http://securitytracker.com/id?1016507http://www.osvdb.org/28594http://www.securityfocus.com/archive/1/440132/100/0/threadedhttp://www.securityfocus.com/bid/18998https://exchange.xforce.ibmcloud.com/vulnerabilities/27749https://www.exploit-db.com/exploits/2030http://advisories.echo.or.id/adv/adv39-matdhule-2006.txthttp://securityreason.com/securityalert/1245http://securitytracker.com/id?1016507http://www.osvdb.org/28594http://www.securityfocus.com/archive/1/440132/100/0/threadedhttp://www.securityfocus.com/bid/18998https://exchange.xforce.ibmcloud.com/vulnerabilities/27749https://www.exploit-db.com/exploits/2030
2006-07-21
Published