[原文]Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
Unclassified NewsBoard unb_lib/abbc.css.php Multiple Parameter Local File Inclusion
Remote / Network Access
Loss of Integrity
Unclassified NewsBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to unb_lib/abbc.css.php not properly sanitizing user input supplied to the "ABBC[Config][smileset]" variable. This may allow an attacker access arbitrary local files or include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script.
Upgrade to development version (snapshot 2006-05-11) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 2006-05-11 release without a change in version number. An upgrade is required as there are no known workarounds.