CVE-2009-2786

Name of the Vulnerable Software and Affected Versions PunBB Reputation plugin versions 2.2.4, 2.2.3, 2.0.4, and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the poster parameter in the reputation.php file of the Reputation plugin for PunBB.

Recommendations For PunBB Reputation plugin versions 2.2.4, 2.2.3, 2.0.4, and earlier, consider restricting access to the reputation.php file until a fix is available. As a temporary workaround, avoid using the poster parameter in the affected reputation.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.