CVE-2006-6790 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-6790

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.

Affected Software

Name	Vendor	Start Version	End Version
Ultimate_php_board	Ultimate_php_board	*	2.0_beta_1 (including)

References

http://www.securityfocus.com/bid/21760
http://www.securityfocus.com/data/vulnerabilities/exploits/21760.pl
http://www.vupen.com/english/advisories/2006/5181
http://www.securityfocus.com/bid/21760
http://www.securityfocus.com/data/vulnerabilities/exploits/21760.pl
http://www.vupen.com/english/advisories/2006/5181