Affected Versions:
Dynamic Network Forum (DVBBS) PHP 2.0+
Vulnerability description:
The Dynamic Network Forum (DVBBS) is a high-performance website forum solution built on PHP and MySQL.

In the file preview.php:

    require printout(preview);    // line 9
    ......

The printout function is in the file inc/dv_clsmain.php:

    function printout($template, $ext = "tpl.php") {    // line 464
    ......

printout ends by including the file templates\default\preview.tpl.php.

In the file templates\default\preview.tpl.php:

    $theBody = &Dv_CodeProcess($theBody, $tmpuserinfo, Ubblist($theBody) . 39, 1, 0);    // line 31

The Dv_CodeProcess function is in the file inc/dv_code.php:

    function &Dv_CodeProcess(&$code, &$currUserInfo, $ubblists, $PostType = 1, $sType = 1)    // line 332
    ......
    $arrPattern[] = '#\[url\s*=\s*([^\]]+)\](.*?)\[img\](.+?)\[/img\](.*?)\[/url\]#iesm';    // line 415
    $arrRepl[] = '"<a href=\"".str_filter_xss("$1")."\" target=\"_blank\">$2 $4</a>"';
    ......
    $returnval = preg_replace($arrPattern, $arrRepl, $code);    // line 861

When the regular expression passed as the first parameter of preg_replace carries the e modifier, the string in the second parameter is executed as PHP code.
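An audit check for the flaw traced above, added here as an example (it is not DVBBS code and not part of the advisory). The pattern is defined at line 415 and only reaches preg_replace at line 861, so searching for the call alone misses it; this scanner links e-modified pattern literals to the variables passed to preg_replace. The function names and the SAMPLE input are constructed for illustration.

```python
import re

# One alternation for strings and comments: whichever starts first wins, so a
# quote inside a comment or a '#' inside a pattern string cannot desync the scan.
TOKEN = re.compile(r"'((?:\\.|[^'\\])*)'" r'|"((?:\\.|[^"\\])*)"'
                   r"|//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)
PAIRS = {"(": ")", "[": "]", "{": "}", "<": ">"}   # PCRE bracket-style delimiters
MODIFIERS = set("imsxADSUXJue")                    # PHP pattern modifier letters

def pcre_modifiers(literal):
    """Trailing modifiers if literal looks like <delim>pattern<delim>mods, else None."""
    opener = literal[:1]
    if len(literal) < 2 or opener.isalnum() or opener.isspace() or opener == "\\":
        return None
    end = literal.rfind(PAIRS.get(opener, opener))
    if end <= 0:
        return None
    mods = literal[end + 1:]
    return mods if set(mods) <= MODIFIERS else None

def find_eval_patterns(php_source):
    """Return (line, modifiers, pattern) for 'e'-modified patterns reaching preg_replace."""
    # Variables used as preg_replace's first argument anywhere in the file.
    sinks = set(re.findall(r"preg_replace\s*\(\s*(\$\w+)", php_source))
    findings = []
    for tok in TOKEN.finditer(php_source):
        literal = tok.group(1) if tok.group(1) is not None else tok.group(2)
        if literal is None:            # comment token, not a string
            continue
        mods = pcre_modifiers(literal)
        if not mods or "e" not in mods:
            continue
        line_start = php_source.rfind("\n", 0, tok.start()) + 1
        prefix = php_source[line_start:tok.start()]
        # Literal passed straight to preg_replace, or assigned to a sink variable.
        direct = re.search(r"preg_replace\s*\(\s*$", prefix)
        assigned = re.match(r"\s*(\$\w+)\s*(?:\[[^\]]*\])?\s*=\s*$", prefix)
        if direct or (assigned and assigned.group(1) in sinks):
            findings.append((php_source.count("\n", 0, tok.start()) + 1, mods, literal))
    return findings

# Constructed sample modelled on the advisory's excerpt; not the real DVBBS file.
SAMPLE = r'''<?php
// constructed input; it's only here to exercise the scanner
$arrPattern[] = '#\[b\](.*?)\[/b\]#ism';
$arrPattern[] = '#\[url\s*=\s*([^\]]+)\](.*?)\[img\](.+?)\[/img\](.*?)\[/url\]#iesm';
$title = preg_replace('/\s+/', ' ', $title);
$returnval = preg_replace($arrPattern, $arrRepl, $code);
'''
FINDINGS = find_eval_patterns(SAMPLE)
```

Each finding is a candidate for rewriting with preg_replace_callback, which passes matches to a function instead of evaluating a string; PHP 7.0 removed the e modifier.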
<* Reference
http://sebug.net/vulndb/20070/
*>
Vendor patch:
Dynamic Network Forum (DVBBS)
--------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.dvbbs.net