PT-2005-3122 · Punbb · Punbb

Stefan Esser · Published 2005-07-10 · Updated 2016-10-18 · CVE-2005-2193

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PunBB versions 1.2.5 and earlier
Description: The issue allows remote attackers to execute arbitrary SQL statements via the temp array in the user profile edit module in profile.php. This is because the temp array is not initialized before it is used, preventing the attacker-supplied portions of the array from being properly escaped.
Recommendations: For PunBB versions 1.2.5 and earlier, consider disabling the user profile edit module in profile.php until a fix is available. Restrict access to the temp array to minimize the risk of exploitation. Avoid using the temp array in the affected module until the issue is resolved.

Fix


Related identifiers

CVE-2005-2193

Affected products

Punbb