{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T14:49:19.811","vulnerabilities":[{"cve":{"id":"CVE-2006-3208","sourceIdentifier":"cve@mitre.org","published":"2006-06-24T01:06:00.000","lastModified":"2026-06-16T22:26:37.593","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified \"configuration fields\" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings.  NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB."},{"lang":"es","value":"Vulnerabilidad de inyección directa de código estático en Ultimate PHP Board (UPB) v1.9.6 y anteriores permite a administradores autenticados remotamente ejecutar código PHP de su elección a através de múltiples \"campos de comfiguración\" sin especificar en (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, o (4) admin_config2.php, que son almacenados como parámetros de configuración  NOTA: este caso puede ser explotado por atacantes remotos aprovechando otras vulnerabilidades en UPB."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.8:*:*:*:*:*:*:*","matchCriteriaId":"8EC70A25-AB74-4088-BB10-3B7748E70EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"53E41185-4834-4D85-AF2D-7F10AA98481D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.9:*:*:*:*:*:*:*","matchCriteriaId":"76565865-21E3-4007-8624-48FDC000EBF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ultimate_php_board:ultimate_php_board:1.9.6:*:*:*:*:*:*:*","matchCriteriaId":"7869B748-3898-44CA-BA28-B81491241043"}]}]}],"references":[{"url":"http://securityreason.com/securityalert/1138","source":"cve@mitre.org"},{"url":"http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt","source":"cve@mitre.org","tags":["Exploit","URL Repurposed"]},{"url":"http://www.securityfocus.com/archive/1/437875/100/0/threaded","source":"cve@mitre.org"},{"url":"http://securityreason.com/securityalert/1138","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","URL Repurposed"]},{"url":"http://www.securityfocus.com/archive/1/437875/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}