Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2006-3208

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.

Published: Jun 24, 2006
Updated: Nov 9, 2025
CVE: CVE-2006-3208
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ultimate_php_board / ultimate_php_board	1.9.6	1.9.6.x
ultimate_php_board / ultimate_php_board	1.8	1.8.x
ultimate_php_board / ultimate_php_board	1.8.2	1.8.2.x
ultimate_php_board / ultimate_php_board	1.9	1.9.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo