CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
92.4%
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.
Vendor | Product | Version | CPE |
---|---|---|---|
simplemedia | simplebbs | 1.0.6 | cpe:2.3:a:simplemedia:simplebbs:1.0.6:*:*:*:*:*:*:* |
simplemedia | simplebbs | 1.0.7 | cpe:2.3:a:simplemedia:simplebbs:1.0.7:*:*:*:*:*:*:* |
simplemedia | simplebbs | 1.1 | cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:* |