CVE-2006-3203

The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt	Exploit Patch
http://securityreason.com/securityalert/1138	Exploit
http://www.securityfocus.com/archive/1/437875/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.9.6:::::::*
	cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.8:::::::*
	cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.8.2:::::::*
	cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.9:::::::*

Information

Published : 2006-06-23 18:06

Updated : 2018-10-18 09:46

NVD link : CVE-2006-3203

Mitre link : CVE-2006-3203

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

ultimate_php_board

ultimate_php_board

10.0 /10