Pages: [1] 
|
 |
|
 Author
|
Topic: PunBB Multiple SQL Injection and Cross Site Scripting Vulnerabilities (Read 910 times)
|
|
TJ
|
* Technical Description * Two vulnerabilities were identified in PunBB, which could be exploited by attackers to perform SQL injection or cross site scripting. The first issue is due to an input validation error when processing a specially crafted BBcode "url" tag, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser. The second vulnerability is due to input validation errors in the administration interface and the search engine when processing specially crafted parameters, which may be exploited by remote users to conduct SQL injection attacks. * Affected Products * PunBB version 1.2.6 and prior * Solution * Upgrade to PunBB version 1.2.7 : http://www.punbb.org/downloads.php * References * http://www.frsirt.com/english/advisories/2005/1708http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt |
|
|
|
|
Logged
|
|
|
|
|
Pages: [1] 
|
|
|
 |
AlphaOne Technology Support Forums
