John Gumbel

**Name of the Vulnerable Software and Affected Versions** PunBB version 1.2.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the `language` parameter to "register.php", the change email feature in "profile.php", or the `posts` or `topics` parameter to "moderate.php". **Recommendations** For PunBB version 1.2.1, consider restricting access to the "register.php", "profile.php", and "moderate.php" scripts until a patch is available. As a temporary workaround, avoid using the `language`, `posts`, and `topics` parameters in the affected scripts.

**Name of the Vulnerable Software and Affected Versions** PunBB version 1.2.1 **Description** The issue allows remote attackers to read arbitrary files. This is achieved via the `plugin` parameter in the admin loader.php file. **Recommendations** For PunBB version 1.2.1, consider restricting access to the admin loader.php file until a patch is available. As a temporary workaround, avoid using the `plugin` parameter in the affected file to minimize the risk of exploitation.