
punBB < 1.2.2 Multiple SQL Injection and Authentication Bypass Vulnerabilities

High

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running punBB, a web-based bulletin board. punBB works in conjunction with a SQL database. This version of punBB is vulnerable to several SQL injection flaws as well as an authentication bypass flaw. An attacker exploiting these flaws would only need to be able to send HTTP traffic to the web server. A successful SQL injection attack would give the attacker the ability to execute commands on the SQL server, view data, and modify data. A successful authentication bypass attack would give the attacker the ability to perform administrative tasks on the web server.

Solution

Upgrade to version 1.2.2 or higher.