Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

PunBB profile.php SQL Injection Vulnerability

Vulnerability Assessment Summary
Checks for SQL injection vulnerability in PunBB's profile.php

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is affected by a SQL
injection flaw.

Description :

According to its banner, the version of PunBB installed on the remote
host fails to properly sanitize user input to the script 'profile.php'
through the 'change_email' parameter prior to using it in a SQL query.
Once authenticated, an attacker can exploit this flaw to manipulate
database queries, even gaining administrative access.

See also :

http://marc.theaimsgroup.com/?l=bugtraq&m=111306207306155&w=2

Solution :

Upgrade to PunBB version 1.2.5 or newer.

Network Security Threat Level:

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)

Networks Security ID: 13071

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security
