PHP Remote File Inclusion Vulnerability in Bulletin Board Ace by BBaCE
CVE-2006-5187

Currently unrated

Key Information:

Vendor: Bulletin Board Ace
Status: Bulletin Board Ace
Vendor: CVE Published:; 10 October 2006

🔔 Create Bulletin Board Ace Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-5187?

A PHP remote file inclusion vulnerability in the includes/functions.php file within Bulletin Board Ace (BBaCE) version 3.5 and earlier versions exposes the system to potential exploitation. This flaw allows remote attackers to inject and execute arbitrary PHP code by manipulating the phpbb_root_path parameter. Successful exploitation can lead to unauthorized access, data leakage, or a complete takeover of the affected application, emphasizing the importance of applying security patches and proper configuration.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-5187 - Proof of Concept

References

http://www.vupen.com/english/advisories/2006/3887

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/29315

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/20302

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 10, 2006
👾
Exploit known to exist
Oct 10, 2006
Vulnerability published
Oct 10, 2006
Vulnerability Reserved
Oct 6, 2006

CVE-2006-5187 Data

JSON