| VID |
21498 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The PunBB, according to its version number, has various SQL injection vulnerabilities in multiple scripts. PunBB is a freely available, open source PHP-based bulletin board software. PunBB versions 1.2 and 1.2.1 allow a remote attacker to execute arbitrary SQL commands via the language parameter to register.php, change email feature in profile.php, and posts or topics parameter to moderate.php. These SQL injection vulnerabilities could allow a remote attacker to add, modify or delete user information in the database used by PunBB. Systems with the magic_quotes_gpc option enabled in php.ini are vulnerable.
* Note: This check solely relied on the version number of the PunBB installed on the remote web server to assess this vulnerability, so this might be a false positive.
* References:
http://forums.punbb.org/viewtopic.php?id=6460
http://www.punbb.org/changelogs/1.2.1_to_1.2.2.txt
http://www.osvdb.org/displayvuln.php?osvdb_id=14128
http://www.osvdb.org/displayvuln.php?osvdb_id=14129
http://archives.neohapsis.com/archives/bugtraq/2005-02/0430.html
http://www.securitytracker.com/alerts/2005/Feb/1013294.html
* Platforms Affected:
Rickard Andersson, PunBB 1.2 and 1.2.1
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PunBB (1.2.2 or later), available from the PunBB Web site at http://www.punbb.org/ |
| Related URL |
CVE-2005-0569 (CVE) |
| Related URL |
12652 (SecurityFocus) |
| Related URL |
19473 (ISS) |
|
