PT-2007-3571 · Punbb · Punbb

Darkfig

·

Published

2007-04-25

·

Updated

2018-10-16

·

CVE-2007-2234

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

PunBB 1.2.14 and earlier
Description

include/common.php in PunBB 1.2.14 and earlier emulates register_globals=Off by unsetting request-supplied globals, but it only does so when @ini_get('register_globals') evaluates to true. If ini_get() has been disabled on the host (for example through disable_functions), the call returns NULL, the check fails open and the cleanup is skipped even though register_globals may actually be On. A remote attacker can then register arbitrary global variables simply by naming them in the request. This is demonstrated by an SQL injection through the search_id parameter of search.php.
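The failure mode described above, as an added illustration written for this page rather than PunBB's own include/common.php (the function names, the list of protected superglobals and the constructed request are assumptions): the weak decision is the `if (@ini_get('register_globals'))` pattern, which treats an unreadable setting as Off; the hardened decision treats it as On and runs the cleanup anyway.

```php
<?php
// Added example, not PunBB's code. Shows why a register_globals check that
// trusts ini_get() fails open when ini_get() is disabled, and a hardened
// check that fails closed. Function names and the protected-key list are
// assumptions for this illustration.

// Superglobal names the cleanup must never unset (assumed list).
const PROTECTED_GLOBALS = array(
    'GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES',
);

// What a disabled ini_get() yields: on PHP 5/7 the call emits a warning
// (silenced by @) and returns NULL; on PHP 8 the function no longer exists.
// Both cases are modelled by passing NULL as $ini_value below.

// Weak decision (the pre-fix pattern): "if (@ini_get('register_globals'))".
// NULL is falsy, so a disabled ini_get() is treated as register_globals=Off.
function weak_should_unregister($ini_value)
{
    return (bool) $ini_value;
}

// Hardened decision: only skip the cleanup when the directive could actually
// be read and is a recognised "off" value. Unknown or unreadable means On.
// (On PHP >= 5.4 the directive no longer exists, ini_get() returns false,
// and the cleanup runs; that is harmless.)
function hardened_should_unregister($ini_value)
{
    if ($ini_value === null || $ini_value === false) {
        return true;
    }
    // register_globals is a boolean directive; "0", "", "off", "no", "false" are Off.
    $parsed = filter_var($ini_value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    return $parsed !== false;
}

// Reads the live setting, returning NULL when ini_get() is unusable.
function read_register_globals()
{
    if (!function_exists('ini_get')) {
        return null;
    }
    return @ini_get('register_globals');
}

// Removes request-derived globals, which is what the register_globals
// emulation is meant to do. Returns the keys that were unset.
function unregister_request_globals(array $request)
{
    $removed = array();
    foreach (array_keys($request) as $key) {
        if (in_array($key, PROTECTED_GLOBALS, true)) {
            continue;
        }
        if (array_key_exists($key, $GLOBALS)) {
            unset($GLOBALS[$key]);
            $removed[] = $key;
        }
    }
    return $removed;
}

// Demo: simulate register_globals=On on a host where ini_get() is disabled.
$request = array('search_id' => "1 OR 1=1");   // constructed attacker input
$GLOBALS['search_id'] = $request['search_id']; // what register_globals=On does
$ini_value = null;                             // what a disabled ini_get() returns

if (weak_should_unregister($ini_value)) {
    unregister_request_globals($request);
}
echo "weak check: search_id " . (isset($GLOBALS['search_id']) ? "still set" : "removed") . "\n";

if (hardened_should_unregister($ini_value)) {
    unregister_request_globals($request);
}
echo "hardened check: search_id " . (isset($GLOBALS['search_id']) ? "still set" : "removed") . "\n";
```

The design point is to fail closed: the cost of running the cleanup when register_globals is really Off is a few unset() calls on keys that were never populated, while skipping it when register_globals is On hands every uninitialised variable in the application to the request. In production the decision would be fed by read_register_globals() rather than a hard-coded NULL.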
Recommendations

Upgrade to a PunBB release later than 1.2.14. Until the upgrade is applied: set register_globals = Off in php.ini, since the broken check is only dangerous on hosts where the directive is actually On; and if ini_get() is listed in disable_functions, remove it, because that is precisely what defeats PunBB's own register_globals emulation. Where neither change is possible, restrict access to search.php at the web server to reduce exposure to the search_id SQL injection.

Fix


Related Identifiers

CVE-2007-2234

Affected Products

Punbb