Total vulnerabilities in the database
register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.
| Software | From | Fixed in |
|---|---|---|
| ultimate_php_board / ultimate_php_board | 1.9.6 | 1.9.6.x |
| ultimate_php_board / ultimate_php_board | 1.8 | 1.8.x |
| ultimate_php_board / ultimate_php_board | 1.8.2 | 1.8.2.x |
| ultimate_php_board / ultimate_php_board | 1.9 | 1.9.x |