|
|
PunBB Multiple Remote SQL Injection and Local File Inclusion Vulnerabilities
|
Multiple vulnerabilities have been identified in PunBB, which could be exploited by remote attackers to execute arbitrary commands.
The first issue is due to an input validation error in the "search.php" script that does not initialize the "result_list" array, which could be exploited in combination with the PHP "Zend_Hash_Del_Key_Or_Index" vulnerability to bypass security restrictions and conduct SQL injection attacks.
The second flaw is due to an input validation error in the "register.php" script that does not validate the "language" parameter before being inserted into the database and used as an inclusion parameter in the "include/common.php" file, which could be exploited by remote attackers to include local files (e.g. uploaded avatars) and execute arbitrary commands with the privileges of the web server.
The third vulnerability is due to input validation errors in various scripts that do not validate certain parameters before being used in SQL statements, which could be exploited by malicious administrators to conduct SQL injection attacks.
PunBB version 1.2.13 and prior
Upgrade to PunBB version 1.2.14 :
http://bfexplorer.sourceforge.net/downloads.php
http://www.vupen.com/english/advisories/2006/4256
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt
http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities
Vulnerabilities reported by Nms and Smartys
2006-10-30 : Initial release
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
