
PunBB < 1.2.9 search.php old_searches Parameter SQL Injection

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of PunBB installed on the remote host fails to sanitize user-supplied input to the 'old_searches' parameter of the 'search.php' script before using it in database queries. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to exploit this issue to delete arbitrary data or launch attacks against the underlying database.

Solution

Upgrade to version 1.2.9 or higher.
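
The two conditions named in the description, an installed version below 1.2.9 and PHP's 'register_globals' being enabled, can be checked together when triaging a host. The following is an added example, not code from this advisory or from PunBB; the function names, result labels and sample php.ini text are assumptions made for illustration.

```python
import re

FIXED = (1, 2, 9)                      # first fixed release, per the Solution above
_TRUE = {"1", "on", "true", "yes"}     # php.ini spellings of an enabled boolean


def parse_version(text):
    """Turn '1.2.8' into (1, 2, 8); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def register_globals_enabled(php_ini_text):
    """Return True/False for the php.ini setting, or None if it is not set.

    Assumption: if the directive is repeated, the last occurrence is used.
    Per-directory overrides (php_flag in Apache config or .htaccess) are
    not visible in php.ini and must be checked separately.
    """
    value = None
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ';' comments
        m = re.fullmatch(r'register_globals\s*=\s*"?(\w*)"?', line, re.I)
        if m:
            value = m.group(1).lower() in _TRUE
    return value


def triage(punbb_version, php_ini_text):
    """Classify a host; every 'vulnerable-*' result still needs the upgrade."""
    v = parse_version(punbb_version)
    v += (0,) * (len(FIXED) - len(v))                 # treat '1.2' as 1.2.0
    if v >= FIXED:
        return "fixed"
    enabled = register_globals_enabled(php_ini_text)
    if enabled is None:
        return "vulnerable-precondition-unknown"      # PHP build default applies
    return "vulnerable-exposed" if enabled else "vulnerable-precondition-off"


# Constructed sample input, not taken from a real host.
SAMPLE_INI = """\
[PHP]
;register_globals = Off
register_globals = On   ; enabled for a legacy application
"""

if __name__ == "__main__":
    for version in ("1.2.8", "1.2.9", "1.2.10"):
        print(version, triage(version, SAMPLE_INI))
```

A "vulnerable-precondition-off" result only means the condition stated in the description is not met in php.ini; the fix remains the upgrade to 1.2.9 or higher.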