The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: flexera

Published: 2006-06-13T01:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-06-08T00:00:00


Link: CVE-2006-2908

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-06-13T01:02:00.000

Modified: 2018-10-18T16:43:37.527


Link: CVE-2006-2908

JSON object: View

cve-icon Redhat Information

No data.