Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PunBB < 1.2.9 search.php old_searches Parameter SQL Injection



The remote host is vulnerable to multiple attack vectors.


The version of PunBB installed on the remote host fails to sanitize user-supplied input to the 'old_searches' parameter of the 'search.php' script before using it in database queries. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to exploit this issue to delete arbitrary data or launch attacks against the underlying database.


Upgrade to version 1.2.9 or higher.