Detections
Analytics

PunBB < 1.2.8 Multiple Vulnerabilities

medium Nessus Plugin ID 19775

Language:

Synopsis

The remote web server contains two PHP scripts that may allow arbitrary code execution, local file disclosure, and cross-site scripting attacks.

Description

According to its banner, the version of PunBB installed on the remote host suffers from several flaws.

- A File Include Vulnerability The application fails to validate the 'language' parameter when a user updates his profile and uses that throughout the application to require PHP code in order to display messages. An attacker with an account on the affected application may be able to exploit this issue to read arbitrary files and even to execute local files with arbitrary PHP code subject to the privileges of the web server user id.

 - A Cross-Site Scripting Vulnerability The application also does not sanitize input passed to the 'email' parameter of the 'login.php' script when requesting a new password, which permits cross-site scripting attacks such as theft of authentication cookies.

Solution

Upgrade to PunBB 1.2.8 or later.

See Also

http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt

Plugin Details

Severity: Medium

ID: 19775

File Name: punBB_128.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 9/23/2005

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/punBB

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/21/2005

Reference Information

CVE: CVE-2005-3078, CVE-2005-3079

BID: 14900, 14904

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990