Intrusion Prevention

UBB.threads.Addpost.newpoll.PHP.Remote.File.Inclusion

Description

PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.

Affected Products

UBB.threads version 6.5.2 and prior.

Impact

Execute arbitrary PHP code.

Recommended Actions

Upgrade to UBB.threads version 6.5.3 or later :
http://www.infopop.com/members/members.php

CVE References

CVE-2006-2568