FunkBoard Profile.PHP HTML Injection Vulnerability
BID:20946
Info
FunkBoard Profile.PHP HTML Injection Vulnerability
| Bugtraq ID: | 20946 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 06 2006 12:00AM |
| Updated: | Nov 08 2006 06:22PM |
| Credit: | The vendor reported this vulnerability. |
| Vulnerable: |
FunkBoard FunkBoard 0.71 |
| Not Vulnerable: | |
Discussion
FunkBoard Profile.PHP HTML Injection Vulnerability
FunkBoard is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
FunkBoard 0.71 is reported vulnerable; other versions may also be affected.
FunkBoard is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
FunkBoard 0.71 is reported vulnerable; other versions may also be affected.
Exploit / POC
FunkBoard Profile.PHP HTML Injection Vulnerability
An attacker can exploit this issue via a web client.
An attacker can exploit this issue via a web client.
Solution / Fix
FunkBoard Profile.PHP HTML Injection Vulnerability
Solution:
FunkBoard 0.71 released on November 4, 2006 18:16 GMT is not affected by this issue. A patch is available as well.
FunkBoard FunkBoard 0.71
Solution:
FunkBoard 0.71 released on November 4, 2006 18:16 GMT is not affected by this issue. A patch is available as well.
FunkBoard FunkBoard 0.71
-
FunkBoard fb071scriptfix.zip
http://www.funkboard.co.uk/files/fb071scriptfix.zip
References
FunkBoard Profile.PHP HTML Injection Vulnerability
References:
References:
- 4th November hack fix (FunkBoard)
- FunkBoard Homepage (FunkBoard)