PT-2007-3573 · Punbb · Punbb

Published 2007-04-25 · Updated 2018-10-16 · CVE-2007-2236

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PunBB versions 1.2.14 and earlier

Description

The issue allows remote attackers to include local files, potentially leading to the execution of PHP code. This can be achieved through a cross-site scripting (XSS) attack or via the pun_include tag. For example, an attacker could use admin_options.php to execute PHP code from an uploaded avatar file.

Recommendations

For PunBB versions 1.2.14 and earlier, consider disabling the pun_include tag and restricting the upload of files, especially avatars, until a patch is available. As a temporary workaround, restrict access to the admin_options.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-2236

Affected Products

Punbb