Improper handling of several arguments in the moderate.php code in punbb version 1.2.1 allows a malicious moderator to inject arbitrary SQL statements.
6bdc9357ff20bb7f7303ff83fef6913311150b993239cb8d7c76abff375397bd
Due to a flaw in punbb version 1.2.1, a remote attacker without an account can set the password of any user on the system to NULL, effectively shutting them out of the system.
3034c8b9bfd452eee66b4d3131399bf4eb4662a52606ffdf7b798f4fc2a8493f
A remote attacker can cause register.php punbb version 1.2.1 to execute arbitrary SQL statements by supplying malicious values to the language or email parameters.
50193fa1b4c0adde13ec79fb65995c4f0740db19db311771e4c52fb259438b50