WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software.

Remote attackers may gain local, interactive access to the host with the privileges of the webserver process as a result of successful exploitation.

Remote: Yes

Exploit: http://online.securityfocus.com/data...bbbsexploit.pl

Source: http://www.xatrix.org/article1638.html