AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2006-5511: Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, all

infovulnerability

security

Source: NVD/CVE DatabaseOctober 25, 2006CVE-2006-5511

Summary

JaxUltraBB (JUBB) 2.0 has a direct static code injection vulnerability (a weakness that lets attackers insert malicious code) in its delete.php file when register_globals is enabled (a PHP setting that automatically creates variables from user input). Remote attackers can inject arbitrary web script, HTML, or PHP code through the contents parameter, which gets added to a file specified by the forum parameter.

Vulnerability Details

CVSS Score

2.6

EPSS (30-day exploit probability)

EPSS: 4.7%

Classification

Attack SophisticationTrivial

Original source: https://nvd.nist.gov/vuln/detail/CVE-2006-5511

First tracked: February 15, 2026 at 08:42 PM

Classified by LLM (prompt v3) · confidence: 95%