PunBB Multiple Input Validation Vulnerabilities
BID:17827
Info
| Bugtraq ID: | 17827 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2006 12:00AM |
| Updated: | Jun 20 2006 11:15PM |
| Credit: | [email protected] is credited with the discovery of these vulnerabilities. |
| Vulnerable: | PunBB 1.2.11, 1.2.10, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1, 1.0.1, 1.0 RC2, 1.0 RC1, 1.0 _beta3, 1.0 _beta2, 1.0 _beta1, 1.0 _alpha, 1.0 |
| Not Vulnerable: | PunBB 1.2.12 |
Discussion
PunBB is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would be executed in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.
Exploit / POC
These vulnerabilities may be exploited with a web client.
Solution / Fix
Solution:
The vendor has released version 1.2.12 to address this issue.
PunBB punbb-1.2.12.tar.gz
http://www.punbb.org/download/punbb-1.2.12.tar.gz