PunBB < 1.2.2 Multiple Input Validation Vulnerabilities

high Nessus Plugin ID 17224


The remote web server contains a PHP application that suffers from multiple vulnerabilities.


The remote host is running a version of PunBB that fails to properly sanitize user-input to several scripts thereby enabling an attacker to launch various SQL injection attacks.

In addition, the profile.php script enables anyone to call the change_pass action while specifying the id of an existing user to set their password to NULL, effectively shutting them out of the system.


Upgrade to PunBB 1.2.2 or later.

See Also



Plugin Details

Severity: High

ID: 17224

File Name: punBB_input_validation_vulns.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 2/26/2005

Updated: 6/1/2022

Configuration: Enable thorough checks

Risk Information


Risk Factor: Medium

Score: 6.3


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/punBB

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/24/2005

Reference Information

CVE: CVE-2005-0569, CVE-2005-0570, CVE-2005-0571

BID: 12652