PunBB < 1.2.8 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 3235

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of PunBB installed on the remote host suffers from several flaws.

A File Inclusion Vulnerability - The application fails to validate the 'language' parameter when a user updates their profile and uses that throughout the application to require PHP code in order to display messages. An attacker with an account on the affected application may be able to exploit this issue to read arbitrary files and execute local files with arbitrary PHP code subject to the privileges of the web server user ID.

A Cross-Site Scripting Vulnerability - The application also does not sanitize input passed to the 'email' parameter of the 'login.php' script when requesting a new password, which permits cross-site scripting attacks such as theft of authentication cookies.

Solution

Upgrade to version 1.2.8 or higher.

See Also

http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt

Plugin Details

Severity: Medium

ID: 3235

Family: CGI

Published: 2005/09/22

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 19775

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 6.3

Temporal Score: 6

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2005-3079, CVE-2005-3078

BID: 14900, 14904