PunBB < 1.2.9 search.php old_searches Parameter SQL Injection
High Nessus Network Monitor Plugin ID 3260
Synopsis: The remote host is vulnerable to multiple attack vectors.
Description: The version of PunBB installed on the remote host fails to sanitize user-supplied input to the 'old_searches' parameter of the 'search.php' script before using it in database queries. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to exploit this issue to delete arbitrary data or launch attacks against the underlying database.
Solution: Upgrade to version 1.2.9 or higher.