AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2008-2966: Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbit

infovulnerability

security

Source: NVD/CVE DatabaseJuly 2, 2008CVE-2008-2966

Summary

A directory traversal vulnerability (a flaw allowing attackers to access files outside their intended directory by using special path sequences like '..' to navigate backwards) exists in JaxUltraBB 2.0 and earlier. An attacker can exploit this through the viewprofile.php file by manipulating the user parameter to read arbitrary local files on the affected system.

Vulnerability Details

CVSS Score

7.5

EPSS (30-day exploit probability)

EPSS: 3.3%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-22

CAPEC (Attack Pattern)

CAPEC-126

Original source: https://nvd.nist.gov/vuln/detail/CVE-2008-2966

First tracked: February 15, 2026 at 08:42 PM

Classified by LLM (prompt v3) · confidence: 95%