B1G Bulletin Board (b1gBB) has a remote file include vulnerability. A remote attacker could execute arbitrary script code on the web server with the privileges of the server. This can be done via a specially crafted URL request to the 'footer.inc.php' script, using the 'tfooter' parameter to specify a malicious PHP file from a remote system.
B1G Bulletin Board (b1gBB) version 2.24.0 and prior.
System compromise, remote script execution.
Currently we are not aware of any officially supplied fix for this issue.