PT-2005-4073 · Unknown · Versatilebulletinboard

Rgod

Published

2005-10-20

Updated

2016-10-18

CVE-2005-3260

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions versatileBulletinBoard (vBB) version 1.0.0 RC2

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via two parameters: the url parameter in "dereferrer.php" and the file parameter in "imagewin.php".

Recommendations For version 1.0.0 RC2, consider disabling the dereferrer.php and imagewin.php scripts until a patch is available to prevent exploitation. Restrict access to these scripts to minimize the risk of arbitrary web script or HTML injection. Avoid using the url and file parameters in the affected scripts until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3260

Affected Products

Versatilebulletinboard

PT-2005-4073 · Unknown · Versatilebulletinboard

CVE-2005-3260

Related Identifiers

Affected Products

References · 8