Ultimate Bulletin Board Arbitrary Command Execution Vulnerability

Solution:
A quick fix is to add "$" to the end of the expression, ie:

if ($ThreadFile =~ /\d\d\d\d\d\d\.ubb$/) { ...

This will require that the value of $Threadfile end in ".ubb" to match.

This vulnerability was verified to have been fixed in the shareware version (and presumably the commercial as well).



 

Privacy Statement
Copyright 2010, SecurityFocus