|
|
Pearl Forums Remote SQL Injection and Directory Traversal Issues
|
Multiple vulnerabilities were identified in Pearl Forums, which may be exploited by malicious users to conduct directory traversal and SQL injection attacks.
This first issue is due to an input validation error in the "index.php" script that does not properly filter a specially crafted "forumsId" and "topicId" parameters, which may be exploited by malicious users to conduct SQL injection attacks.
The second flaw is due to an input validation error in the "index.php" script when processing a specially crafted "mode" parameter, which may be exploited by remote attackers to disclose the contents of arbitrary files.
Pearl Forums version version 2.4 and prior
VUPEN Security is not aware of any vendor-supplied patch.
http://www.vupen.com/english/advisories/2005/2426
http://www.vupen.com/exploits/20051112.wfdownloads.php
Vulnerabilities reported by Abducter
2005-11-15 : Initial release
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
