Unrated severityNVD Advisory· Published Oct 25, 2006· Updated Apr 23, 2026

CVE-2006-5511

Description

Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.

Affected products

Jaxultrabb/Jaxultrabb
cpe:2.3:a:jaxultrabb:jaxultrabb:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

attrition.org/pipermail/vim/2006-October/001095.htmlnvdExploit
www.securityfocus.com/bid/20679nvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/29711nvd
www.exploit-db.com/exploits/2616nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000