Unrated severityNVD Advisory· Published Aug 17, 2006· Updated Apr 16, 2026

CVE-2006-4191

Description

Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.

Affected products

Xmb Software/Extreme Message Board
cpe:2.3:a:xmb_software:extreme_message_board:*:*:*:*:*:*:*:*
Range: <=1.9.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/xmb_196_sql.htmlnvdExploit
secunia.com/advisories/21293nvdExploitVendor Advisory
www.securityfocus.com/bid/19501nvdExploit
securityreason.com/securityalert/1411nvd
www.securityfocus.com/archive/1/443167/100/0/threadednvd
www.securityfocus.com/bid/19494nvd
docs.xmbforum2.com/index.phpnvd
exchange.xforce.ibmcloud.com/vulnerabilities/28356nvd
www.exploit-db.com/exploits/2178nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000