PT-2005-3460 · Funkboard · Funkboard

Retrogod · Published 2005-08-16 · Updated 2016-10-18 · CVE-2005-2569

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

FunkBoard versions 0.66CF and earlier

Description

The issue allows remote attackers to inject arbitrary web script or HTML via certain parameters to various PHP files. This can be achieved by manipulating the fbusername or fbpassword parameter in files such as editpost.php, prefs.php, newtopic.php, reply.php, or profile.php. Additionally, multiple parameters in register.php, including fbusername, fmail, www, icq, yim, location, sex, interebbies, sig, and aim, are vulnerable, as well as the subject parameter in newtopic.php.

Recommendations

For FunkBoard versions 0.66CF and earlier, consider disabling the affected parameters, such as fbusername, fbpassword, fmail, www, icq, yim, location, sex, interebbies, sig, aim, and subject, in the respective PHP files until a patch is available. Restrict access to the vulnerable PHP files, including editpost.php, prefs.php, newtopic.php, reply.php, profile.php, and register.php, to minimize the risk of exploitation.


Related identifiers

CVE-2005-2569

Affected products

Funkboard