PunBB Search Dropdown Private Forum Disclosure

Medium severity, Nessus Plugin ID 15938

Synopsis

The remote web server contains a PHP application that is prone to an information disclosure flaw.

Description

According to its banner, the remote host is running a version of PunBB that reportedly may include protected forums in the search dropdown list, regardless of whether the user has permission to view those forums.

Solution

Update to PunBB version 1.1.5 or later.

See Also

http://www.punbb.org/changelogs/1.1.4_to_1.1.5.txt

Plugin Details

Severity: Medium

ID: 15938

File Name: punBB_info_disclosure.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 12/13/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/punBB

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 6/3/2004

Reference Information

BID: 11841