VID |
21705 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of PunBB older than 1.2.7 was detected on the host. PunBB is freely available, open source, PHP-based bulletin board software. PunBB versions prior to 1.2.7 contain multiple vulnerabilities that can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks:
1) Multiple SQL Injection Vulnerabilities: Input passed to the 'search_id' parameter of the 'search' script, as well as to an unspecified parameter in one of the admin scripts, isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "register_globals" is enabled.
2) A Cross-Site Scripting Vulnerability: Input passed to 'url' BBcode tags isn't properly sanitized before being used in a post. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
* Note: This check relied solely on the version number of PunBB installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
  http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt
  http://secunia.com/advisories/16775/
* Platforms Affected:
  Rickard Andersson, PunBB versions prior to 1.2.7
  Any operating system Any version |
Recommendation |
Upgrade to the latest version of PunBB (1.2.7 or later), available from the PunBB Download Web site at http://www.punbb.org/downloads.php |
Related URL |
CVE-2005-2193 (CVE) |
Related URL |
14806,14808 (SecurityFocus) |
Related URL |
22236,22234 (ISS) |