CyBoards PHP Lite Multiple Remote Vulnerabilities

CyBoards PHP Lite Multiple Remote Vulnerabilities

CyBoards PHP Lite is prone to multiple vulnerabilities, including cross-site scripting, local file-include, and remote file-include issues.

Attackers can exploit the issues to:

- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- view files and execute local scripts in the context of the webserver process
- execute arbitrary server-side script code on an affected computer in the context of the webserver process

These issues affect CyBoards PHP Lite 1.21; other versions may also be affected.