The host is running DeluxeBB and is prone to multiple vulnerabilities.

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application.

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

The flaws are due to: - Improper sanitization of user supplied input in the 'page' parameter in 'misc.php'. - Improperly controlled computation in 'tools.php' that leads to a denial of service (CPU or memory consumption). - Web root with insufficient access control, which allows to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in 'templates/including', 'logs/cp.php', 'images/', 'templates/deluxe/admincp/', 'templates/corporate/admincp/', 'logs/including' 'templates/blue/admincp/','wysiwyg/', 'docs/', 'classes/', 'lang/ ' and 'settings/'.

DeluxeBB version 1.3 and prior.

• http://www.exploit-db.com/exploits/10598
• http://xforce.iss.net/xforce/xfdb/54975
• http://xforce.iss.net/xforce/xfdb/54977
• http://xforce.iss.net/xforce/xfdb/54980

---

Updated on 2015-03-25