Secunia Security Advisory - Some vulnerabilities have been reported in PunBB, which potentially can be exploited by malicious users to disclose sensitive information, and by malicious people to bypass certain security restrictions and conduct SQL injection attacks.
TITLE:
PunBB Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA14394
VERIFY ADVISORY:
http://secunia.com/advisories/14394/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Manipulation of data, Exposure of sensitive
information
WHERE:
From remote
SOFTWARE:
PunBB 1.x
http://secunia.com/product/3700/
DESCRIPTION:
Some vulnerabilities have been reported in PunBB, which potentially
can be exploited by malicious users to disclose sensitive
information, and by malicious people to bypass certain security
restrictions and conduct SQL injection attacks.
1) Input passed to the "language" and "email" parameters in
"register.php", the "req_new_email" parameter in "profile.php", and
the "posts" and "topics" parameters in "moderate.php" is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
NOTE: Exploitation of the "req_new_email" parameter requires user
authentication, and access to "moderate.php" requires the user to be a
moderator or administrator.
The vulnerabilities have been reported in version 1.2.1. Prior
versions may also be affected.
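The injection class in item 1, as an added example that is not PunBB's code: a constructed registration insert that splices the "email" and "language" values into the query text, beside a hardened version that checks the language against the installed packs and binds parameters. The schema, language list and helper names are assumptions.

```python
import re
import sqlite3

# Constructed stand-in for a forum users table (assumption, not PunBB's schema).
# NOT NULL on password also rules out the item-2 style "password set to NULL".
INSTALLED_LANGUAGES = {"English", "German", "Swedish"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, "
               "email TEXT NOT NULL, language TEXT NOT NULL, password TEXT NOT NULL)")
    return db

def register_unsafe(db, username, email, language):
    # Defect class from item 1: request values spliced into the SQL text, so a
    # quote inside "email" or "language" is parsed as part of the query.
    db.execute("INSERT INTO users (username, email, language, password) "
               f"VALUES ('{username}', '{email}', '{language}', 'hash')")
    db.commit()

def register_safe(db, username, email, language):
    # Hardened form: accept only values the application actually knows, then
    # bind them so the database never parses them as SQL.
    if language not in INSTALLED_LANGUAGES:
        raise ValueError("unknown language pack")
    if not EMAIL_RE.match(email):
        raise ValueError("malformed email address")
    db.execute("INSERT INTO users (username, email, language, password) "
               "VALUES (?, ?, ?, ?)", (username, email, language, "hash"))
    db.commit()

def stored_email(db, username):
    row = db.execute("SELECT email FROM users WHERE username = ?", (username,)).fetchone()
    return row[0] if row else None

def unsafe_breaks_on_quote(db):
    # An apostrophe in a legitimate address reaches the parser as SQL syntax in
    # the unsafe version; the safe version stores it as data. Returns
    # (unsafe_raised, email_stored_by_safe_version).
    try:
        register_unsafe(db, "alice", "o'neil@example.org", "English")
        raised = False
    except sqlite3.OperationalError:
        raised = True
    register_safe(db, "bob", "o'neil@example.org", "English")
    return raised, stored_email(db, "bob")

def safe_rejects_unknown_language(db):
    # The whitelist check stops values that are not installed packs at all.
    try:
        register_safe(db, "eve", "eve@example.org", "../not-a-pack")
    except ValueError:
        return True
    return False
```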
2) An error in "profile.php" can be exploited to disable user
accounts by setting a user's password to NULL.
The vulnerability has been reported in version 1.2.1. Prior versions
may also be affected.
3) An unspecified error in "admin_loader.php" may be exploited to
disclose the contents of arbitrary files.
SOLUTION:
Update to version 1.2.2.
http://www.punbb.org/downloads.php
PROVIDED AND/OR DISCOVERED BY:
1-2) John Gumbel
3) Smartys
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------