VID |
21727 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of PBLang BBS older than 4.66z was detected on the host. PBLang is a freely available bulletin board system written in PHP. PBLang versions prior to 4.66z contain multiple vulnerabilities that a remote attacker can exploit to bypass certain security restrictions and manipulate sensitive information:
1) Certain users can access restricted forums without proper permissions.
2) Some unspecified errors in the register.php and ucp.php scripts can be exploited to inject code and create a user with administrative privileges.
3) Authenticated users can delete other users' private messages.
* Note: This check relies solely on the version number of PBLang BBS on the remote Web server to assess this vulnerability, so the result may be a false positive.
* References:
  http://sourceforge.net/project/shownotes.php?release_id=353425
  http://secunia.com/advisories/16657/
* Platforms Affected: Dr. Martinus, PBLang versions prior to 4.66z; Any operating system, Any version |
Recommendation |
Upgrade to the latest version of PBLang (4.66z or later), available from the SourceForge.net Web site at https://sourceforge.net/project/showfiles.php?group_id=62953 |
Related URL |
CVE-2005-3919 (CVE) |
Related URL |
14728 (SecurityFocus) |
Related URL |
22111,22112,22113 (ISS) |