PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.
Conclusion & alert: CVE-2006-2675 is rated High Exploit Risk (63/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.68%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| 1843 | exploit_db | edb | 2006-05-28 | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-03-30 | 2.21% | 1.68% | -0.53% |
| 2 | 2025-03-29 | 1.68% | 2.21% | +0.53% |
| 3 | 2025-03-17 | — | 1.68% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.1 | 2.0 | MEDIUM |
|
4.9 | 6.4 | [email protected] |
: Successful exploitation requires that "register_globals" is enabled.
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| ubbcentral | ubb.threads | <= 6.5.3 | cpe:2.3:a:ubbcentral:ubb.threads:*:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 3.4 | cpe:2.3:a:ubbcentral:ubb.threads:3.4:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 3.5 | cpe:2.3:a:ubbcentral:ubb.threads:3.5:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 5.0 | cpe:2.3:a:ubbcentral:ubb.threads:5.0:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 5.5.1 | cpe:2.3:a:ubbcentral:ubb.threads:5.5.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.0 | cpe:2.3:a:ubbcentral:ubb.threads:6.0:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.0.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.0.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.0.2 | cpe:2.3:a:ubbcentral:ubb.threads:6.0.2:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.0.3 | cpe:2.3:a:ubbcentral:ubb.threads:6.0.3:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.1.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.1.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.2 | cpe:2.3:a:ubbcentral:ubb.threads:6.2:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.2.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.2.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.2.2 | cpe:2.3:a:ubbcentral:ubb.threads:6.2.2:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.2.3 | cpe:2.3:a:ubbcentral:ubb.threads:6.2.3:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.3 | cpe:2.3:a:ubbcentral:ubb.threads:6.3:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.3.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.3.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.4 | cpe:2.3:a:ubbcentral:ubb.threads:6.4:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.4.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.4.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.4.2 | cpe:2.3:a:ubbcentral:ubb.threads:6.4.2:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.4.3 | cpe:2.3:a:ubbcentral:ubb.threads:6.4.3:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.4.4 | cpe:2.3:a:ubbcentral:ubb.threads:6.4.4:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.5 | cpe:2.3:a:ubbcentral:ubb.threads:6.5:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.5.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.5.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.5.1.1 | cpe:2.3:a:ubbcentral:ubb.threads:6.5.1.1:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.5.2 | cpe:2.3:a:ubbcentral:ubb.threads:6.5.2:*:*:*:*:*:*:* |
| ubbcentral | ubb.threads | 6.5.2_beta2 | cpe:2.3:a:ubbcentral:ubb.threads:6.5.2_beta2:*:*:*:*:*:*:* |