Family: CGI abuses --> Category: attack
PunBB < 1.2.6 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Detects multiple vulnerabilities in PunBB < 1.2.6
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected
by multiple vulnerabilities.
The remote version of PunBB contains a flaw in its template system
that can be exploited to read arbitrary local files or, if an attacker
can upload a specially crafted avatar, to execute arbitrary PHP code.
In addition, the application fails to sanitize the 'temp' parameter of
the 'profile.php' script before using it in a database query, which
allows for SQL injection attacks.
Solution :
Upgrade to PunBB 1.2.6 or later.
Medium / CVSS Base Score : 4