Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to (1) admin_modules.php and (2) modules.php.
Max CVSS
7.5
EPSS Score
1.26%
Published
2009-01-22
Updated
2017-08-08
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
Max CVSS
7.5
EPSS Score
1.34%
Published
2007-05-30
Updated
2017-10-11
2 vulnerabilities found