Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-3207

EPSS 0.28% · P51
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3207

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ultimate PHP Board newpost.php 目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ultimate PHP Board (UPB) 中的newpost.php 存在目录遍历漏洞。 远程攻击者可以借助 id 参数中的..(点点)序列和尾随的空(%00) 字节,重写任意文件。比如使用message参数中的 "[NR]"序列注入Perl CGI脚本,然后再调用id和t_id参数经过修改的close.php来 chmod脚本。注意: 此问题可能由动态变量评价所致。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-3207

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-3207

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-06-24 · 20 CVEs total

CVE-2006-3208Ultimate PHP Board 直接静态代码注入漏洞
CVE-2006-3217JaguarEdit ActiveX 信息泄露漏洞
CVE-2006-3216SMTP Clearswift MAILsweeper/Exchange MAILsweeper e-mail 多个拒绝服务漏洞
CVE-2006-3215SMTP Clearswift MAILsweeper/Exchange MAILsweeper e-mail 访问控制绕过漏洞
CVE-2006-3214Hitachi Groupmax Address Server/Groupmax Mail Server 未明漏洞
CVE-2006-3213WeBBoA Hosting host/yeni_host.asp SQL注入漏洞
CVE-2006-3212cjGuestbook sign.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3211cjGuestbook sign.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3210Ralf Image Gallery 多个PHP远程文件包含和目录遍历漏洞
CVE-2006-3209Microsoft Windows XP 任务调度程序 权限提升漏洞
CVE-2006-3218Woltlab Burning Board profile.php SQL注入漏洞
CVE-2006-3206Ultimate PHP Board register.php 输入验证漏洞
CVE-2006-3205Ultimate PHP Board cookie 多个输入验证漏洞
CVE-2006-3204Ultimate PHP Board 分组密码 输入验证漏洞
CVE-2006-3203Ultimate PHP Board 安装包 设计错误漏洞
CVE-2006-3222Fortinet FortiGate FTP扫描代理 访问控制绕过漏洞
CVE-2006-3221DataLife Engine index.php SQL注入漏洞
CVE-2006-3220Woltlab Burning Board studienplatztausch.php SQL注入漏洞
CVE-2006-3219Woltlab Burning Board thread.php SQL注入漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-3207

No comments yet

Leave a comment