punBB < 1.2.2 Multiple SQL Injection and Authentication Bypass Vulnerabilities

High Nessus Network Monitor Plugin ID 2651

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running punBB, a web-based bulletin board. punBB works in conjunction with a SQL database. This version of punBB is vulnerable to several SQL injection flaws as well as an authentication bypass flaw. An attacker exploiting these flaws would only need to be able to send HTTP traffic to the web server. A successful SQL injection attack would give the attacker the ability to execute commands on the SQL server, view data, and modify data. A successful authentication bypass attack would give the attacker the ability to perform administrative tasks on the web server.

Solution

Upgrade to version 1.2.2 or higher.

Plugin Details

Severity: High

ID: 2651

Family: CGI

Published: 2005/02/25

Modified: 2018/07/11

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:punbb:punbb

Reference Information

CVE: CVE-2005-0571, CVE-2005-0569, CVE-2005-0570

BID: 12652