| VID |
21707 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of PunBB software which is older than 1.2.8 is detected as installed on the host. PunBB is a freely available, open source PHP-based bulletin board software. PunBB versions prior to 1.2.8 are vulnerable to multiple vulnerabilities, which can be exploited by malicious people to conduct arbitrary code execution, local file disclosure, and cross-site scripting attacks:
1) A File Include Vulnerability: Input passed to the the 'language' parameter when a user updates his profile and uses that throughout the application to require PHP code in order to display messages isn't properly sanitized before being returned to the user. A remote attacker can exploit this flaw to run arbitrary PHP code found in files on the affected host.
2) A Cross-Site Scripting Vulnerability: Input passed to the 'email' parameter of the 'login.php' script when requesting a new password isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
* Note: This check solely relied on the version number of PunBB installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt
http://secunia.com/advisories/16908/
* Platforms Affected:
Rickard Andersson, PunBB versions prior to 1.2.8
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PunBB (1.2.8 or later), available from the PunBB Download Web site at http://www.punbb.org/downloads.php |
| Related URL |
CVE-2005-3078 (CVE) |
| Related URL |
14900,14904 (SecurityFocus) |
| Related URL |
22363 (ISS) |
|
