CVE-2006-5735 / CVE-2006-5736 / CVE-2006-5737 by John JEAN
PunBB <= 1.2.13 Multiple Vulnerabilities
PunBB is prone to SQL injection in the search module, because an uninitialized variable is passed indirectly into an SQL query without any check. Using this vulnerability, a visitor can perform blind SQL injections, which can lead to the disclosure of any data stored in the database. Exploitation of this flaw relies on the PHP Zend_Hash_Del_Key_Or_Index vulnerability, and thus requires register_globals to be enabled and PHP <= 4.4.2 or PHP <= 5.1.3 on the server where PunBB is installed.
PunBB is prone to a local file inclusion in common.php through the $pun_user['language'] variable, which can lead to remote PHP code execution on servers where PunBB is installed. Exploitation of this flaw does not require any special PHP configuration.
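A defensive pattern for the language-file inclusion described above, as an added example that is not PunBB's code or its actual fix: the language name is only ever used after an exact match against the language directories installed on disk. The function name `resolve_language_file`, the `lang_demo_*` directory layout and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not PunBB source. All names and paths here are hypothetical.

/**
 * Map an untrusted language name to a language file path.
 * Falls back to $default when the name is not an installed language.
 */
function resolve_language_file(string $requested, string $langRoot, string $default, string $file = 'common.php'): string
{
    // Build the allow-list from the directories actually present under $langRoot.
    $installed = [];
    foreach (scandir($langRoot) ?: [] as $entry) {
        if ($entry[0] !== '.' && is_dir("$langRoot/$entry")) {
            $installed[] = $entry;
        }
    }

    // Exact, strict match only: a value containing '/', '..' or anything else
    // that is not a directory name from scandir() can never be selected.
    $language = in_array($requested, $installed, true) ? $requested : $default;
    if (!in_array($language, $installed, true)) {
        throw new RuntimeException('Default language is not installed');
    }

    return "$langRoot/$language/$file";
}

// Constructed sample layout so the example runs offline.
$root = sys_get_temp_dir() . '/lang_demo_' . getmypid();
@mkdir("$root/English", 0700, true);
@mkdir("$root/French", 0700, true);
file_put_contents("$root/English/common.php", "<?php return ['Hello' => 'Hello'];");
file_put_contents("$root/French/common.php", "<?php return ['Hello' => 'Bonjour'];");

// Constructed inputs: two valid names, then values that must fall back to the default.
$samples = ['French', 'English', '../English', 'French/../../x', ''];
foreach ($samples as $value) {
    $path = resolve_language_file($value, $root, 'English');
    $strings = require $path; // only ever a path built from an allow-listed name
    printf("%-18s -> %s (%s)\n", var_export($value, true), basename(dirname($path)), $strings['Hello']);
}
```

The same principle applies to the search-module issue: a variable that later reaches a query should be explicitly initialized in the script itself so that a request parameter cannot supply its value when register_globals is enabled.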