Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-2193
Last Modified 05 Sep 2008 04:51:07
Published 11 Jul 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2193

Summary

SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used; this prevents the attacker-supplied portions of the array from being properly escaped.

Vulnerable Systems

Application

  • PunBB 1.0
  • PunBB 1.0 Alpha
  • PunBB 1.0 Beta1
  • PunBB 1.0 Beta2
  • PunBB 1.0 Beta3
  • PunBB 1.0 Rc1
  • PunBB 1.0 Rc2
  • PunBB 1.0.1
  • PunBB 1.1
  • PunBB 1.1.1
  • PunBB 1.1.2
  • PunBB 1.1.3
  • PunBB 1.1.4
  • PunBB 1.1.5
  • PunBB 1.2.1
  • PunBB 1.2.2
  • PunBB 1.2.3
  • PunBB 1.2.4

References

MISC - http://www.hardened-php.net/advisory-082005.php

BUGTRAQ - 20050707 Advisory 08/2005: PunBB SQL Injection Vulnerability

MISC - http://www.punbb.org/


Last Updated: 27 May 2016 10:40:26