Family: CGI abuses --> Category: attack
PunBB < 1.2.6 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Detects multiple vulnerabilities in PunBB < 1.2.6
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected
by multiple vulnerabilities.
Description :
The remote version of PunBB contains a flaw in its template system
that can be exploited to read arbitrary local files or, if an attacker
can upload a specially crafted avatar, to execute arbitrary PHP code.
In addition, the application fails to sanitize the 'temp' parameter of
the 'profile.php' script before using it in a database query, which
allows for SQL injection attacks.
See also :
http://www.hardened-php.net/advisory-082005.php
http://www.hardened-php.net/advisory-092005.php
Solution :
Upgrade to PunBB 1.2.6 or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)