| VID |
21764 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of PunBB software which is older than 1.2.10 is detected as installed on the host. PunBB is a freely available, open source PHP-based bulletin board software. PunBB versions prior to 1.2.10 are vulnerable to multiple vulnerabilities, which can be exploited by remote attackers to gain knowledge of sensitive information or conduct cross site scripting and spoofing attacks:
1) An error where the "HTTP_X_FORWARDED_FOR" parameter is improperly trusted, may be exploited to spoof the IP address.
2) An error in the execution of "unregister_globals()" may be exploited to disclose certain unspecified information.
3) An input validation error in the avatar upload handling may exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by uploading a specially crafted valid image containing embedded HTML and script code.
* Note: This check solely relied on the version number of PunBB installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt
http://forums.punbb.org/viewtopic.php?id=9333
http://www.frsirt.com/english/advisories/2005/2303
http://secunia.com/advisories/17425/
* Platforms Affected:
Rickard Andersson, PunBB versions prior to 1.2.10
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PunBB (1.2.10 or later), available from the PunBB Download Web site at http://www.punbb.org/downloads.php |
| Related URL |
CVE-2005-4686,CVE-2005-4687 (CVE) |
| Related URL |
15322,15326,15328 (SecurityFocus) |
| Related URL |
(ISS) |
|
