VID 21728
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description A version of PBLang BBS at or below version 4.66z has been detected as installed on the host. PBLang is a freely available bulletin board system written in PHP. PBLang version 4.66z and earlier are affected by multiple vulnerabilities, including remote code execution, directory traversal, information disclosure, cross-site scripting, and path disclosure, as follows:

1) Remote Code Execution Vulnerability: When a remote user registers a new username, a file containing user-supplied input is created in the '/db/members' directory. A remote user can supply a specially crafted 'location' value to cause arbitrary PHP code to be injected into the file.
2) Directory Traversal Vulnerability in the setcookie.php script
3) Cross-Site Scripting Vulnerability in the setcookie.php script
4) Physical Path Disclosure Vulnerability in the setcookie.php script

* References:
http://rgod.altervista.org/pblang465.html
http://archives.neohapsis.com/archives/bugtraq/2005-09/0078.html
http://securitytracker.com/alerts/2005/Sep/1014861.html

* Platforms Affected:
Dr. Martinus, PBLang version 4.66z and earlier versions
Any operating system Any version
Recommendation No upgrade or patch available as of October 2005.

Upgrade to a version of PBLang later than 4.66z when a fixed version becomes available from the SourceForge.net Web site at https://sourceforge.net/project/showfiles.php?group_id=62953
Related URL CVE-2005-2892,CVE-2005-2894 (CVE)
Related URL 14765,14766 (SecurityFocus)
Related URL 22185,22187,22189,22190,22191 (ISS)