Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2571

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-2571
Last Modified 05 Sep 2008 04:52:07
Published 16 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2571

Summary

FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.

Vulnerable Systems

Application

  • Funkboard 0.66f


References

CONFIRM - http://www.funkboard.co.uk/forum/thread.php?id=265

BUGTRAQ - 20050813 Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution

BUGTRAQ - 20050808 FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution


Last Updated: 27 May 2016 10:40:34