PunBB < 1.2.2 Multiple Input Validation Vulnerabilities

high Nessus Plugin ID 17224

Synopsis

The remote web server contains a PHP application that suffers from multiple vulnerabilities.

Description

The remote host is running a version of PunBB that fails to properly sanitize user input to several scripts, thereby enabling an attacker to launch various SQL injection attacks.

In addition, the profile.php script lets anyone call the change_pass action while specifying the id of an existing user, which sets that user's password to NULL and effectively locks them out of the system.

Solution

Upgrade to PunBB 1.2.2 or later.

See Also

https://marc.info/?l=bugtraq&m=110927754230666&w=2

http://forums.punbb.org/viewtopic.php?id=6460

Plugin Details

Severity: High

ID: 17224

File Name: punBB_input_validation_vulns.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 2/26/2005

Updated: 6/1/2022

Configuration: Enable thorough checks

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/punBB

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/24/2005

Reference Information

CVE: CVE-2005-0569, CVE-2005-0570, CVE-2005-0571

BID: 12652