admin
07-09-2005, 01:20 AM
PunBB
http://www.punbb.org
07-08-2005
http://secunia.com/advisories/15990/
Description:
Stefan Esser has reported some vulnerabilities in PunBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
1) Input passed to the "temp" array parameter in "profile.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "register_globals" is enabled.
2) An error in the template system can be exploited to include arbitrary local files via e.g. the "redirect_url" parameter. This can further be exploited to execute arbitrary PHP code by referencing a specially crafted avatar image containing PHP code.
The vulnerabilities has been reported in version 1.2.5 and prior.
Solution:
Update to version 1.2.6.
http://www.punbb.org/downloads.php
Provided and/or discovered by:
Stefan Esser, Hardened-PHP Project
The vendor also credits Smartys.
http://www.punbb.org
07-08-2005
http://secunia.com/advisories/15990/
Description:
Stefan Esser has reported some vulnerabilities in PunBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
1) Input passed to the "temp" array parameter in "profile.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "register_globals" is enabled.
2) An error in the template system can be exploited to include arbitrary local files via e.g. the "redirect_url" parameter. This can further be exploited to execute arbitrary PHP code by referencing a specially crafted avatar image containing PHP code.
The vulnerabilities has been reported in version 1.2.5 and prior.
Solution:
Update to version 1.2.6.
http://www.punbb.org/downloads.php
Provided and/or discovered by:
Stefan Esser, Hardened-PHP Project
The vendor also credits Smartys.