VID |
21726 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
PBLang BBS version 4.65 or older was detected on the host. PBLang is a freely available bulletin board system written in PHP. PBLang version 4.65 and earlier versions are affected by the following vulnerabilities:
1) HTML Injection Vulnerability in the pmpshow.php script
2) Cross-Site Scripting Vulnerability in the search.php script
3) Remote PHP Script Injection Vulnerability in the ucp.php script
4) Directory Traversal Vulnerability in the sendpm.php script
5) Arbitrary Personal Message Deletion Vulnerability in the delpm.php script
* Note: This check relies solely on the version number of PBLang BBS on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References:
  http://secunia.com/advisories/14379/
  http://www.securitytracker.com/alerts/2005/Feb/1013277.html
  http://archives.neohapsis.com/archives/bugtraq/2005-03/0015.html
  http://archives.neohapsis.com/archives/bugtraq/2005-03/0019.html
* Platforms Affected:
  Dr. Martinus, PBLang version 4.65 and earlier versions
  Any operating system Any version |
Recommendation |
Upgrade to the latest version of PBLang (4.66t or later), available from the SourceForge.net Web site at https://sourceforge.net/project/showfiles.php?group_id=62953 |
Related URL |
CVE-2005-0526,CVE-2005-0630,CVE-2005-0631 (CVE) |
Related URL |
12631,12633,12666,12690,12694 (SecurityFocus) |
Related URL |
19451,19544,19552 (ISS) |