CVE-2008-5434

Name of the Vulnerable Software and Affected Versions PunBB versions 1.3 through 1.3.1

Description The issue allows remote authenticated administrators to execute arbitrary SQL commands. This can be achieved via the order by or direction parameter to "admin/users.php", or through configuration options to "admin/settings.php".

Recommendations For PunBB versions 1.3 through 1.3.1, consider restricting access to the admin/users.php and admin/settings.php pages until a fix is available. As a temporary workaround, avoid using the order by and direction parameters in the admin/users.php page, and limit modifications to configuration options in admin/settings.php.