PT-2005-3122 · Punbb · Punbb

Stefan Esser · Published 2005-07-10 · Updated 2016-10-18 · CVE-2005-2193

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PunBB versions 1.2.5 and earlier
Description: The issue allows remote attackers to execute arbitrary SQL statements via the temp array in the user profile edit module in profile.php. This is because the temp array is not initialized before it is used, preventing the attacker-supplied portions of the array from being properly escaped.
Recommendations: For PunBB versions 1.2.5 and earlier, consider disabling the user profile edit module in profile.php until a fix is available. Restrict access to the temp array to minimize the risk of exploitation. Avoid using the temp array in the affected module until the issue is resolved.


Related Identifiers

CVE-2005-2193

Affected Products

Punbb