CVE-2005-0569

critical

Description

Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19473

http://www.punbb.org/changelogs/1.2.1_to_1.2.2.txt

http://secunia.com/advisories/14538

http://secunia.com/advisories/14394

http://marc.info/?l=bugtraq&m=110927754230666&w=2

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical